Vulnerabilites related to winscp - winscp
Vulnerability from fkie_nvd
Published
2013-08-19 23:55
Modified
2024-11-21 01:56
Severity ?
Summary
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
References
cve@mitre.orghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html
cve@mitre.orghttp://secunia.com/advisories/54379Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/54517
cve@mitre.orghttp://secunia.com/advisories/54533
cve@mitre.orghttp://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
cve@mitre.orghttp://winscp.net/tracker/show_bug.cgi?id=1017
cve@mitre.orghttp://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.htmlVendor Advisory
cve@mitre.orghttp://www.debian.org/security/2013/dsa-2736
cve@mitre.orghttp://www.search-lab.hu/advisories/secadv-20130722
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/54379Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/54517
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/54533
af854a3a-2127-422b-91ae-364da2661108http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
af854a3a-2127-422b-91ae-364da2661108http://winscp.net/tracker/show_bug.cgi?id=1017
af854a3a-2127-422b-91ae-364da2661108http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2736
af854a3a-2127-422b-91ae-364da2661108http://www.search-lab.hu/advisories/secadv-20130722
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "622C1C29-794B-4000-90B0-E2BB65ED0AB2",
                     versionEndIncluding: "5.1.5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.7.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "2E3DFFBF-4E07-4449-A7A0-873DF6A98E21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "89254511-B715-4515-AA6F-86133A2182CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.8_beta:*:*:*:*:*:*:*",
                     matchCriteriaId: "5EA30CE9-054B-4C5E-BE4E-8F404E3BBD49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "D838748A-09CC-4940-829F-910B013A9962",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "F6DD6743-97F5-43AB-8D84-FB3561BDE964",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "12FA1BCF-7E92-4C97-9B44-579A28FD1AA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.2.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3569C249-6505-469C-B44D-9CD44497E153",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.2.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0C15244-1AD8-4D82-BAC4-FD77A83FBFE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.2.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5E49405-3C31-488C-8D28-2A417083D07B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.3.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B148D20-65E9-4C6B-985E-69BC737FC36F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.3.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "81237965-5289-4784-BCE9-44891036E49A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.3.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "48CCC513-6594-4AD4-BB11-47456767F741",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "53DAE27A-C884-4619-B9D2-4BB356DD0743",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.3.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3AB16665-C7CD-4672-A8DF-CED0267C6909",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.3.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "C4E4F93A-F40E-4367-ACDA-97190281BED5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.3.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "058A5223-B23D-483E-89FC-64BAE4E98FE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E35FFF50-7989-4749-BE7D-51068B249D4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.0:beta:*:*:*:*:*:*",
                     matchCriteriaId: "1993D161-712E-47AE-8402-538273CC21EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.0.1:beta:*:*:*:*:*:*",
                     matchCriteriaId: "E42F707C-A70C-4EF5-B898-F693B6C586BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.0.2:beta:*:*:*:*:*:*",
                     matchCriteriaId: "5C8DB53F-739D-4B28-9D16-D6CF4478CAE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.0.3:beta:*:*:*:*:*:*",
                     matchCriteriaId: "C6521E48-0607-4F51-81F4-569DC950F01E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.0.4:beta:*:*:*:*:*:*",
                     matchCriteriaId: "D8204C5B-23CF-4111-BF98-EB73442CD47B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.0.5:beta:*:*:*:*:*:*",
                     matchCriteriaId: "4100FDCF-087A-44AA-ABA2-C0632FE452F9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.0.6:beta:*:*:*:*:*:*",
                     matchCriteriaId: "F2496D95-22A2-4EA9-A090-45E630D57526",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.0.7:beta:*:*:*:*:*:*",
                     matchCriteriaId: "3C6B9617-B687-4885-8100-2ECBEE1E157A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.0.8:rc:*:*:*:*:*:*",
                     matchCriteriaId: "6D462DB0-E03E-4642-908F-16628FFA68FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.0.9:rc:*:*:*:*:*:*",
                     matchCriteriaId: "BB0CE816-3C7B-43CA-A0AB-A011D5B093D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF1E6934-4CE0-4DFC-BA3E-67395C04B0BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AD7230D1-2155-456D-B43A-AA66B24912B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A56FBACE-0A1F-4AC3-B306-F8B0E9869BAE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5FE7557D-6BE4-49EA-97C2-011DF8CB6C74",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C392415-3564-44E3-82EA-CB3C8DB0BC27",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "036E8A89-7A16-411F-9D31-676313BB7244",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B21E9A8-CE63-42C2-A11A-94D977A96DF1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "DFBF430B-0832-44B0-AA0E-BA9E467F7668",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.45:*:*:*:*:*:*:*",
                     matchCriteriaId: "5D5EB349-B1DF-4CF5-9468-37DC66A929C3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.46:*:*:*:*:*:*:*",
                     matchCriteriaId: "CF223411-6FA4-43EC-8668-7DB4A98E4DEA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.47:*:*:*:*:*:*:*",
                     matchCriteriaId: "D0E87C56-DFD9-45D9-9169-3BB94F647F15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "1283B462-042C-4857-A700-4179AAE20E2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
                     matchCriteriaId: "2791C9DD-F55D-4683-85AF-B6814C34EFBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.50:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D7582C1-AA8E-41E4-9D69-9A18A5B76CB0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.51:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC082AE0-C49D-4944-BE76-B751DAD1EF84",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.52:*:*:*:*:*:*:*",
                     matchCriteriaId: "23BAD8E4-2D3A-45EE-A25D-77BD698119BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F7716EC-E0F9-4E50-8351-35D2F248B380",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.54:*:*:*:*:*:*:*",
                     matchCriteriaId: "46C2BD4D-9817-459E-ACF4-9C95233200A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.55:*:*:*:*:*:*:*",
                     matchCriteriaId: "22EE5957-76F3-4B20-ADE7-E72D1300A3F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.56:*:*:*:*:*:*:*",
                     matchCriteriaId: "826FA7E4-7F48-4D1C-856C-A965527B0950",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.57:*:*:*:*:*:*:*",
                     matchCriteriaId: "AA54ADC7-2A36-40DA-8219-DAA31509E534",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.58:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A14381E-91A1-4902-B409-1281CFA2D561",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.59:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B33EB10-535F-42F2-8F78-CE128A89447C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.60:*:*:*:*:*:*:*",
                     matchCriteriaId: "218F9EAF-C260-43EC-99C4-EFACA9A1DA8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.61:*:*:*:*:*:*:*",
                     matchCriteriaId: "5966235B-2F1A-45C5-AF65-99FFFE4725DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:2010-06-01:r8967:*:*:development_snapshot:*:*:*",
                     matchCriteriaId: "820B9CC0-2A18-4357-B01F-565A0E35E275",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:simon_tatham:putty:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A8E4288-5CEA-42F3-BF6A-FE7D78C907C0",
                     versionEndIncluding: "0.62",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:simon_tatham:putty:0.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "129133D1-B374-4743-9F52-27D0A9558D17",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.",
      },
      {
         lang: "es",
         value: "Desbordamiento de entero en PuTTY 0.62 y anteriores, WinSCP anterior a  5.1.6, y otros productos que usan PuTTY, permite a servidores SSH remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario en determinadas aplicaciones que utilizan PuTTY a través de un tamaño negativo en el valor de la firma en la clave RSA durante el handshake SSH, que provoca un desbordamiento basado en memoria dinámica.",
      },
   ],
   id: "CVE-2013-4852",
   lastModified: "2024-11-21T01:56:32.023",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2013-08-19T23:55:09.077",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/54379",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/54517",
      },
      {
         source: "cve@mitre.org",
         url: "http://secunia.com/advisories/54533",
      },
      {
         source: "cve@mitre.org",
         url: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896",
      },
      {
         source: "cve@mitre.org",
         url: "http://winscp.net/tracker/show_bug.cgi?id=1017",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.debian.org/security/2013/dsa-2736",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.search-lab.hu/advisories/secadv-20130722",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/54379",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/54517",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://secunia.com/advisories/54533",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://winscp.net/tracker/show_bug.cgi?id=1017",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.debian.org/security/2013/dsa-2736",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.search-lab.hu/advisories/secadv-20130722",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-189",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-31 18:29
Modified
2024-11-21 04:45
Summary
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.htmlBroken Link
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/04/18/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2022/08/02/1Mailing List, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/106741Broken Link, Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1677794Exploit, Issue Tracking, Third Party Advisory
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfThird Party Advisory
cve@mitre.orghttps://cvsweb.openbsd.org/src/usr.bin/ssh/scp.cRelease Notes
cve@mitre.orghttps://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/
cve@mitre.orghttps://security.gentoo.org/glsa/201903-16Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190213-0001/Third Party Advisory
cve@mitre.orghttps://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtThird Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3885-1/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3885-2/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4387Third Party Advisory
cve@mitre.orghttps://www.exploit-db.com/exploits/46193/Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttps://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.ascThird Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/04/18/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2022/08/02/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106741Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1677794Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.cRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-16Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190213-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3885-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3885-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4387Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/46193/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "52D09A55-B853-43B5-8397-E2AC6CD0EBBC",
                     versionEndIncluding: "7.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D93F5251-820D-4345-8DDE-CCBBE069A9C1",
                     versionEndIncluding: "5.1.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:mina_sshd:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF6C1E77-7C54-4825-A35C-5AE7369267F5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "986856F8-40BE-412F-A4F0-902D4820C3E3",
                     versionEndExcluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
                     matchCriteriaId: "826B53C2-517F-4FC6-92E8-E7FCB24F91B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
                     matchCriteriaId: "93F10A46-AEF2-4FDD-92D6-0CF07B70F986",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*",
                     matchCriteriaId: "E1AD57A9-F53A-4E40-966E-F2F50852C5E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
                     matchCriteriaId: "C4029113-130F-4A33-A8A0-BC3E74000378",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "271CACEB-10F5-4CA8-9C99-3274F18EE62D",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "433EEE1B-134C-48F9-8688-23C5F1ABBF0F",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "47FFEE5C-5DAE-4FAD-9651-7983DE092120",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "66D6EF49-7094-41D9-BDF5-AE5846E37418",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6593DA00-EE33-4223-BEAE-8DC629E79287",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "67E048EC-4A4F-4F0A-B0B5-F234700293DA",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "665502CB-FCC8-4619-B673-408F7190252A",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "483F5457-7E06-46F3-A808-194289B98AFF",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5644E3E-941A-429A-9AFB-C1023659C1C2",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C1318DD-6AF4-490D-A4AE-079BA544EF8F",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D3A0312-1249-4257-98F1-57E8959989C5",
                     versionEndExcluding: "3.2.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC0C9671-47BB-43CB-8906-9BC2B86B3229",
                     versionEndExcluding: "3.2.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C834C295-D600-44E8-9783-49A319084F5A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en OpenSSH 7.9. Debido a que la implementación de SCP deriva del rcp 1983, el servidor elige qué archivos/directorios se están enviando al cliente. Sin embargo, el cliente scp solo realiza la validación superficial del nombre de objeto devuelto (solo se evitan los ataques de salto de directorio). Un servidor scp malicioso (o atacante Man-in-the-Middle) puede sobrescribir archivos arbitrarios en el directorio objetivo del cliente scp. Si se realiza la operación recursiva (-r), el servidor también puede manipular subdirectorios (por ejemplo, para sobrescribir el archivo .ssh/authorized_keys)",
      },
   ],
   id: "CVE-2019-6111",
   lastModified: "2024-11-21T04:45:57.900",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5.8,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-31T18:29:00.867",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/04/18/1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/08/02/1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106741",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:3702",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201903-16",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3885-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3885-2/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4387",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46193/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2019/04/18/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2022/08/02/1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106741",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:3702",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Issue Tracking",
            "Third Party Advisory",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201903-16",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3885-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3885-2/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4387",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46193/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-12-18 16:15
Modified
2024-12-02 14:54
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
cve@mitre.orghttp://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://seclists.org/fulldisclosure/2024/Mar/21Mailing List, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2023/12/18/3Mailing List
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2023/12/19/5Mailing List
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2023/12/20/3Mailing List, Mitigation
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2024/03/06/3Mailing List
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2024/04/17/8Mailing List
cve@mitre.orghttps://access.redhat.com/security/cve/cve-2023-48795Third Party Advisory
cve@mitre.orghttps://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/Press/Media Coverage
cve@mitre.orghttps://bugs.gentoo.org/920280Issue Tracking
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=2254210Issue Tracking
cve@mitre.orghttps://bugzilla.suse.com/show_bug.cgi?id=1217950Issue Tracking
cve@mitre.orghttps://crates.io/crates/thrussh/versionsRelease Notes
cve@mitre.orghttps://filezilla-project.org/versions.phpRelease Notes
cve@mitre.orghttps://forum.netgate.com/topic/184941/terrapin-ssh-attackIssue Tracking
cve@mitre.orghttps://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6Patch
cve@mitre.orghttps://github.com/NixOS/nixpkgs/pull/275249Release Notes
cve@mitre.orghttps://github.com/PowerShell/Win32-OpenSSH/issues/2189Issue Tracking
cve@mitre.orghttps://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-BetaRelease Notes
cve@mitre.orghttps://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0Patch
cve@mitre.orghttps://github.com/TeraTermProject/teraterm/releases/tag/v5.1Release Notes
cve@mitre.orghttps://github.com/advisories/GHSA-45x7-px36-x8w8Third Party Advisory
cve@mitre.orghttps://github.com/apache/mina-sshd/issues/445Issue Tracking
cve@mitre.orghttps://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173abPatch
cve@mitre.orghttps://github.com/connectbot/sshlib/compare/2.2.21...2.2.22Third Party Advisory
cve@mitre.orghttps://github.com/cyd01/KiTTY/issues/520Issue Tracking
cve@mitre.orghttps://github.com/drakkan/sftpgo/releases/tag/v2.5.6Release Notes
cve@mitre.orghttps://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42Patch
cve@mitre.orghttps://github.com/erlang/otp/releases/tag/OTP-26.2.1Release Notes
cve@mitre.orghttps://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05dPatch
cve@mitre.orghttps://github.com/hierynomus/sshj/issues/916Issue Tracking
cve@mitre.orghttps://github.com/janmojzis/tinyssh/issues/81Issue Tracking
cve@mitre.orghttps://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5Patch
cve@mitre.orghttps://github.com/libssh2/libssh2/pull/1291Mitigation
cve@mitre.orghttps://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25Patch
cve@mitre.orghttps://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3Patch
cve@mitre.orghttps://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15Product
cve@mitre.orghttps://github.com/mwiede/jsch/issues/457Issue Tracking
cve@mitre.orghttps://github.com/mwiede/jsch/pull/461Release Notes
cve@mitre.orghttps://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16Patch
cve@mitre.orghttps://github.com/openssh/openssh-portable/commits/masterPatch
cve@mitre.orghttps://github.com/paramiko/paramiko/issues/2337Issue Tracking
cve@mitre.orghttps://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTESRelease Notes
cve@mitre.orghttps://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTESRelease Notes
cve@mitre.orghttps://github.com/proftpd/proftpd/blob/master/RELEASE_NOTESRelease Notes
cve@mitre.orghttps://github.com/proftpd/proftpd/issues/456Issue Tracking
cve@mitre.orghttps://github.com/rapier1/hpn-ssh/releasesRelease Notes
cve@mitre.orghttps://github.com/ronf/asyncssh/blob/develop/docs/changes.rstRelease Notes
cve@mitre.orghttps://github.com/ronf/asyncssh/tagsRelease Notes
cve@mitre.orghttps://github.com/ssh-mitm/ssh-mitm/issues/165Issue Tracking
cve@mitre.orghttps://github.com/warp-tech/russh/releases/tag/v0.40.2Release Notes
cve@mitre.orghttps://gitlab.com/libssh/libssh-mirror/-/tagsRelease Notes
cve@mitre.orghttps://groups.google.com/g/golang-announce/c/-n5WqVC18LQMailing List
cve@mitre.orghttps://groups.google.com/g/golang-announce/c/qA3XtxvMUygMailing List
cve@mitre.orghttps://help.panic.com/releasenotes/transmit5/Release Notes
cve@mitre.orghttps://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/Press/Media Coverage
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/12/msg00017.htmlMailing List
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2024/01/msg00013.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2024/01/msg00014.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2024/04/msg00016.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/Vendor Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/Mailing List, Third Party Advisory
cve@mitre.orghttps://matt.ucc.asn.au/dropbear/CHANGESRelease Notes
cve@mitre.orghttps://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQCPatch
cve@mitre.orghttps://news.ycombinator.com/item?id=38684904Issue Tracking
cve@mitre.orghttps://news.ycombinator.com/item?id=38685286Issue Tracking
cve@mitre.orghttps://news.ycombinator.com/item?id=38732005Issue Tracking
cve@mitre.orghttps://nova.app/releases/#v11.8Release Notes
cve@mitre.orghttps://oryx-embedded.com/download/#changelogRelease Notes
cve@mitre.orghttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002Third Party Advisory
cve@mitre.orghttps://roumenpetrov.info/secsh/#news20231220Release Notes
cve@mitre.orghttps://security-tracker.debian.org/tracker/CVE-2023-48795Vendor Advisory
cve@mitre.orghttps://security-tracker.debian.org/tracker/source-package/libssh2Vendor Advisory
cve@mitre.orghttps://security-tracker.debian.org/tracker/source-package/proftpd-dfsgVendor Advisory
cve@mitre.orghttps://security-tracker.debian.org/tracker/source-package/trilead-ssh2Issue Tracking
cve@mitre.orghttps://security.gentoo.org/glsa/202312-16Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/202312-17Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20240105-0004/Third Party Advisory
cve@mitre.orghttps://support.apple.com/kb/HT214084Third Party Advisory
cve@mitre.orghttps://thorntech.com/cve-2023-48795-and-sftp-gateway/Third Party Advisory
cve@mitre.orghttps://twitter.com/TrueSkrillor/status/1736774389725565005Press/Media Coverage
cve@mitre.orghttps://ubuntu.com/security/CVE-2023-48795Vendor Advisory
cve@mitre.orghttps://winscp.net/eng/docs/history#6.2.2Release Notes
cve@mitre.orghttps://www.bitvise.com/ssh-client-version-history#933Release Notes
cve@mitre.orghttps://www.bitvise.com/ssh-server-version-historyRelease Notes
cve@mitre.orghttps://www.chiark.greenend.org.uk/~sgtatham/putty/changes.htmlRelease Notes
cve@mitre.orghttps://www.crushftp.com/crush10wiki/Wiki.jsp?page=UpdateRelease Notes
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5586Issue Tracking
cve@mitre.orghttps://www.debian.org/security/2023/dsa-5588Issue Tracking
cve@mitre.orghttps://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.ascRelease Notes
cve@mitre.orghttps://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508Vendor Advisory
cve@mitre.orghttps://www.netsarang.com/en/xshell-update-history/Release Notes
cve@mitre.orghttps://www.openssh.com/openbsd.htmlRelease Notes
cve@mitre.orghttps://www.openssh.com/txt/release-9.6Release Notes
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2023/12/18/2Mailing List
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2023/12/20/3Mailing List, Mitigation
cve@mitre.orghttps://www.paramiko.org/changelog.htmlRelease Notes
cve@mitre.orghttps://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/Issue Tracking
cve@mitre.orghttps://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/Press/Media Coverage
cve@mitre.orghttps://www.terrapin-attack.comExploit
cve@mitre.orghttps://www.theregister.com/2023/12/20/terrapin_attack_sshPress/Media Coverage
cve@mitre.orghttps://www.vandyke.com/products/securecrt/history.txtRelease Notes
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2024/Mar/21Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2023/12/18/3Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2023/12/19/5Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2023/12/20/3Mailing List, Mitigation
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/03/06/3Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/04/17/8Mailing List
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/cve-2023-48795Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://bugs.gentoo.org/920280Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2254210Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.suse.com/show_bug.cgi?id=1217950Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://crates.io/crates/thrussh/versionsRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://filezilla-project.org/versions.phpRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://forum.netgate.com/topic/184941/terrapin-ssh-attackIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/NixOS/nixpkgs/pull/275249Release Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/PowerShell/Win32-OpenSSH/issues/2189Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-BetaRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/TeraTermProject/teraterm/releases/tag/v5.1Release Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/advisories/GHSA-45x7-px36-x8w8Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/apache/mina-sshd/issues/445Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173abPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/cyd01/KiTTY/issues/520Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/drakkan/sftpgo/releases/tag/v2.5.6Release Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/erlang/otp/releases/tag/OTP-26.2.1Release Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05dPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/hierynomus/sshj/issues/916Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/janmojzis/tinyssh/issues/81Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/libssh2/libssh2/pull/1291Mitigation
af854a3a-2127-422b-91ae-364da2661108https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15Product
af854a3a-2127-422b-91ae-364da2661108https://github.com/mwiede/jsch/issues/457Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/mwiede/jsch/pull/461Release Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/openssh/openssh-portable/commits/masterPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/paramiko/paramiko/issues/2337Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTESRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTESRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTESRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/proftpd/proftpd/issues/456Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/rapier1/hpn-ssh/releasesRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/ronf/asyncssh/blob/develop/docs/changes.rstRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/ronf/asyncssh/tagsRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/ssh-mitm/ssh-mitm/issues/165Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/warp-tech/russh/releases/tag/v0.40.2Release Notes
af854a3a-2127-422b-91ae-364da2661108https://gitlab.com/libssh/libssh-mirror/-/tagsRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://groups.google.com/g/golang-announce/c/-n5WqVC18LQMailing List
af854a3a-2127-422b-91ae-364da2661108https://groups.google.com/g/golang-announce/c/qA3XtxvMUygMailing List
af854a3a-2127-422b-91ae-364da2661108https://help.panic.com/releasenotes/transmit5/Release Notes
af854a3a-2127-422b-91ae-364da2661108https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/12/msg00017.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/01/msg00013.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/01/msg00014.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/04/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://matt.ucc.asn.au/dropbear/CHANGESRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQCPatch
af854a3a-2127-422b-91ae-364da2661108https://news.ycombinator.com/item?id=38684904Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://news.ycombinator.com/item?id=38685286Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://news.ycombinator.com/item?id=38732005Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://nova.app/releases/#v11.8Release Notes
af854a3a-2127-422b-91ae-364da2661108https://oryx-embedded.com/download/#changelogRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://roumenpetrov.info/secsh/#news20231220Release Notes
af854a3a-2127-422b-91ae-364da2661108https://security-tracker.debian.org/tracker/CVE-2023-48795Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security-tracker.debian.org/tracker/source-package/libssh2Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security-tracker.debian.org/tracker/source-package/proftpd-dfsgVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security-tracker.debian.org/tracker/source-package/trilead-ssh2Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202312-16Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202312-17Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240105-0004/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT214084Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://thorntech.com/cve-2023-48795-and-sftp-gateway/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://twitter.com/TrueSkrillor/status/1736774389725565005Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://ubuntu.com/security/CVE-2023-48795Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://winscp.net/eng/docs/history#6.2.2Release Notes
af854a3a-2127-422b-91ae-364da2661108https://www.bitvise.com/ssh-client-version-history#933Release Notes
af854a3a-2127-422b-91ae-364da2661108https://www.bitvise.com/ssh-server-version-historyRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.htmlRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://www.crushftp.com/crush10wiki/Wiki.jsp?page=UpdateRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5586Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5588Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.ascRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.netsarang.com/en/xshell-update-history/Release Notes
af854a3a-2127-422b-91ae-364da2661108https://www.openssh.com/openbsd.htmlRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://www.openssh.com/txt/release-9.6Release Notes
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2023/12/18/2Mailing List
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2023/12/20/3Mailing List, Mitigation
af854a3a-2127-422b-91ae-364da2661108https://www.paramiko.org/changelog.htmlRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://www.terrapin-attack.comExploit
af854a3a-2127-422b-91ae-364da2661108https://www.theregister.com/2023/12/20/terrapin_attack_sshPress/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://www.vandyke.com/products/securecrt/history.txtRelease Notes
Impacted products
Vendor Product Version
openbsd openssh *
putty putty *
filezilla-project filezilla_client *
microsoft powershell *
apple macos -
panic transmit_5 *
apple macos -
panic nova *
roumenpetrov pkixssh *
winscp winscp *
bitvise ssh_client *
bitvise ssh_server *
lancom-systems lcos *
lancom-systems lcos_fx -
lancom-systems lcos_lx -
lancom-systems lcos_sx 4.20
lancom-systems lcos_sx 5.20
lancom-systems lanconfig -
vandyke securecrt *
libssh libssh *
net-ssh net-ssh 7.2.0
ssh2_project ssh2 *
proftpd proftpd *
freebsd freebsd *
crates thrussh *
tera_term_project tera_term *
oryx-embedded cyclone_ssh *
crushftp crushftp *
netsarang xshell_7 *
paramiko paramiko *
redhat openshift_container_platform 4.0
redhat openstack_platform 16.1
redhat openstack_platform 16.2
redhat openstack_platform 17.1
redhat ceph_storage 6.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat openshift_serverless -
redhat openshift_gitops -
redhat openshift_pipelines -
redhat openshift_developer_tools_and_services -
redhat openshift_data_foundation 4.0
redhat openshift_api_for_data_protection -
redhat openshift_virtualization 4
redhat storage 3.0
redhat discovery -
redhat openshift_dev_spaces -
redhat cert-manager_operator_for_red_hat_openshift -
redhat keycloak -
redhat jboss_enterprise_application_platform 7.0
redhat single_sign-on 7.0
redhat advanced_cluster_security 3.0
redhat advanced_cluster_security 4.0
golang crypto *
russh_project russh *
sftpgo_project sftpgo *
erlang erlang\/otp *
matez jsch *
libssh2 libssh2 *
asyncssh_project asyncssh *
dropbear_ssh_project dropbear_ssh *
jadaptive maverick_synergy_java_ssh_api *
ssh ssh *
thorntech sftp_gateway_firmware *
netgate pfsense_plus *
netgate pfsense_ce *
crushftp crushftp *
connectbot sshlib *
apache sshd *
apache sshj *
tinyssh tinyssh *
trilead ssh2 6401
9bis kitty *
gentoo security -
debian debian_linux -
fedoraproject fedora 38
fedoraproject fedora 39
debian debian_linux 10.0
apple macos *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5308FBBB-F738-41C5-97A4-E40118E957CD",
                     versionEndExcluding: "9.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A9D807DB-9E20-4792-8A9F-4BFFC841BAB7",
                     versionEndExcluding: "0.80",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "42915485-A4DA-48DD-9C15-415D2D39DC52",
                     versionEndExcluding: "3.66.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9F37C9AC-185F-403A-A79B-2D5C8E11AFC4",
                     versionEndIncluding: "11.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:panic:transmit_5:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "31FFE0AA-FC25-40DE-8EE9-7F4C80ABDE4F",
                     versionEndExcluding: "5.10.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "387021A0-AF36-463C-A605-32EA7DAC172E",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:panic:nova:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2FCF7EF-97D7-44CF-AC74-72D856901755",
                     versionEndExcluding: "11.8",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:roumenpetrov:pkixssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "53CAD263-1C60-43BD-86A2-C8DB15FFB4C6",
                     versionEndExcluding: "14.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8FA57F20-C9C1-40A7-B2CD-F3440CCF1D66",
                     versionEndExcluding: "6.2.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:bitvise:ssh_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6209E375-10C7-4E65-A2E7-455A686717AC",
                     versionEndExcluding: "9.33",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:bitvise:ssh_server:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1A05CC3C-19C5-4BAA-ABA2-EE1795E0BE81",
                     versionEndExcluding: "9.32",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:lancom-systems:lcos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A71B523-0778-46C6-A38B-64452E0BB6E7",
                     versionEndIncluding: "3.66.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:lancom-systems:lcos_fx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "F1C91308-15E5-40AF-B4D5-3CAD7BC65DDF",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:lancom-systems:lcos_lx:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "418940E3-6DD1-4AA6-846A-03E059D0C681",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:lancom-systems:lcos_sx:4.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "411BA58A-33B6-44CA-B9D6-7F9042D46961",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:lancom-systems:lcos_sx:5.20:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA17A153-30E4-4731-8706-8F74FCA50993",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:lancom-systems:lanconfig:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "FB736F57-9BE3-4457-A10E-FA88D0932154",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:vandyke:securecrt:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6EB8D02D-87F3-414D-A3EA-43F594DAAC1B",
                     versionEndExcluding: "9.4.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AAB481DA-FBFE-4CC2-9AE7-22025FA07494",
                     versionEndExcluding: "0.10.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:net-ssh:net-ssh:7.2.0:*:*:*:*:ruby:*:*",
                     matchCriteriaId: "3D6FD459-F8E8-4126-8097-D30B4639404A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ssh2_project:ssh2:*:*:*:*:*:node.js:*:*",
                     matchCriteriaId: "69510F52-C699-4E7D-87EF-7000682888F0",
                     versionEndIncluding: "1.11.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9461430B-3709-45B6-8858-2101F5AE4481",
                     versionEndIncluding: "1.3.8b",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B9A01DF3-E20E-4F29-B5CF-DDF717D01E74",
                     versionEndIncluding: "12.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:crates:thrussh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D25EB73D-6145-4B7D-8F14-80FD0B458E99",
                     versionEndExcluding: "0.35.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tera_term_project:tera_term:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "77594DEC-B5F7-4911-A13D-FFE91C74BAFA",
                     versionEndIncluding: "5.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:oryx-embedded:cyclone_ssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F8FF7E74-2351-4CD9-B717-FA28893293A1",
                     versionEndExcluding: "2.3.4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "82A93C12-FEB6-4E82-B283-0ED7820D807E",
                     versionEndIncluding: "10.6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netsarang:xshell_7:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B480AE79-2FA1-4281-9F0D-0DE812B9354D",
                     versionEndExcluding: "build__0144",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:paramiko:paramiko:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "826B6323-06F8-4B96-8771-3FA15A727B08",
                     versionEndExcluding: "3.4.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "932D137F-528B-4526-9A89-CD59FA1AB0FE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openstack_platform:16.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DCC81071-B46D-4F5D-AC25-B4A4CCC20C73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack_platform:16.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B3000D2-35DF-4A93-9FC0-1AD3AB8349B8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:openstack_platform:17.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "E315FC5C-FF19-43C9-A58A-CF2A5FF13824",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:ceph_storage:6.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA7EAD12-E398-44AF-9859-F3CA6C63BA6B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_serverless:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "77675CB7-67D7-44E9-B7FF-D224B3341AA5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_gitops:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C0AAA300-691A-4957-8B69-F6888CC971B1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_pipelines:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "45937289-2D64-47CB-A750-5B4F0D4664A0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "97321212-0E07-4CC2-A917-7B5F61AB9A5A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_data_foundation:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E2C021C-A9F0-4EB4-ADED-81D8B57B4563",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_api_for_data_protection:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7BF8EFFB-5686-4F28-A68F-1A8854E098CE",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_virtualization:4:*:*:*:*:*:*:*",
                     matchCriteriaId: "9C877879-B84B-471C-80CF-0656521CA8AB",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "379A5883-F6DF-41F5-9403-8D17F6605737",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:discovery:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "B5B1D946-5978-4818-BF21-A43D9C1365E1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:openshift_dev_spaces:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "99B8A88B-0B31-4CFF-AFD7-C9D3DDD5790D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:cert-manager_operator_for_red_hat_openshift:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6D5A7736-A403-4617-8790-18E46CB74DA6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E0DE4E1-5D8D-40F3-8AC8-C7F736966158",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "88BF3B2C-B121-483A-AEF2-8082F6DA5310",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:redhat:advanced_cluster_security:3.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F0FD736A-8730-446A-BA3A-7B608DB62B0E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:redhat:advanced_cluster_security:4.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4C504B6-3902-46E2-82B7-48AEC9CDD48D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:golang:crypto:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F92E56DF-98DF-4328-B37E-4D5744E4103D",
                     versionEndExcluding: "0.17.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:russh_project:russh:*:*:*:*:*:rust:*:*",
                     matchCriteriaId: "AC12508E-3C31-44EA-B4F3-29316BE9B189",
                     versionEndExcluding: "0.40.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:sftpgo_project:sftpgo:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1750028C-698D-4E84-B727-8A155A46ADEB",
                     versionEndExcluding: "2.5.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3A9A8E99-7F4A-4B74-B86B-8B3E8B2A8776",
                     versionEndExcluding: "26.2.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:matez:jsch:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "61119DB3-4336-4D3B-863A-0CCF4146E5C1",
                     versionEndExcluding: "0.2.15",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7BFDD272-3DF0-4E3F-B69A-E7ABF4B18B24",
                     versionEndExcluding: "1.11.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:asyncssh_project:asyncssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAE46983-0ABC-49F7-AC18-A78FAC7E73AA",
                     versionEndExcluding: "2.14.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:dropbear_ssh_project:dropbear_ssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "06BF3368-F232-4E6B-883E-A591EED5C827",
                     versionEndExcluding: "2022.83",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:jadaptive:maverick_synergy_java_ssh_api:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "36531FB6-5682-4BF1-9785-E9D6D1C4207B",
                     versionEndExcluding: "3.1.0-snapshot",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "514ED687-0D7B-479B-82C5-7EB1A5EEC94C",
                     versionEndExcluding: "5.11",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:thorntech:sftp_gateway_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83B1AF39-C0B9-4031-B19A-BDDD4F337273",
                     versionEndExcluding: "3.4.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netgate:pfsense_plus:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2B71B0EF-888E-45E2-A055-F59CDCC1AFC7",
                     versionEndIncluding: "23.09.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netgate:pfsense_ce:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "8F23CDF7-2881-4B4E-B84F-4E04F4ED8CCF",
                     versionEndIncluding: "2.7.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:crushftp:crushftp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C1795F7A-203F-400E-B09C-0FAF16D01CFC",
                     versionEndExcluding: "10.6.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:connectbot:sshlib:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D79DDDD-02F0-4C12-BE7F-1B9DF1722C7A",
                     versionEndExcluding: "2.2.22",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E2D7B0CA-C01F-4296-9425-48299E3889C5",
                     versionEndIncluding: "2.11.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:sshj:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "1C3EB0B8-9E76-4146-AB02-02E20B91D55C",
                     versionEndIncluding: "0.37.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tinyssh:tinyssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0582468A-149B-429F-978A-2AEDF4BE2606",
                     versionEndIncluding: "20230101",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:trilead:ssh2:6401:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E4BAF06-5A79-46D7-8C4F-E670BD6B7C2D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:9bis:kitty:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "98321BF9-5E8F-4836-842C-47713B1C2775",
                     versionEndIncluding: "0.76.1.13",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:gentoo:security:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "76BDAFDE-4515-42E6-820F-38AF4A786CF2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5920923E-0D52-44E5-801D-10B82846ED58",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "73160D1F-755B-46D2-969F-DF8E43BB1099",
                     versionEndExcluding: "14.4",
                     versionStartIncluding: "14.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
      },
      {
         lang: "es",
         value: "El protocolo de transporte SSH con ciertas extensiones OpenSSH, que se encuentra en OpenSSH anterior a 9.6 y otros productos, permite a atacantes remotos eludir las comprobaciones de integridad de modo que algunos paquetes se omiten (del mensaje de negociación de extensión) y, en consecuencia, un cliente y un servidor pueden terminar con una conexión para la cual algunas características de seguridad han sido degradadas o deshabilitadas, también conocido como un ataque Terrapin. Esto ocurre porque SSH Binary Packet Protocol (BPP), implementado por estas extensiones, maneja mal la fase de protocolo de enlace y el uso de números de secuencia. Por ejemplo, existe un ataque eficaz contra ChaCha20-Poly1305 (y CBC con Encrypt-then-MAC). La omisión se produce en chacha20-poly1305@openssh.com y (si se utiliza CBC) en los algoritmos MAC -etm@openssh.com. Esto también afecta a Maverick Synergy Java SSH API anterior a 3.1.0-SNAPSHOT, Dropbear hasta 2022.83, Ssh anterior a 5.1.1 en Erlang/OTP, PuTTY anterior a 0.80 y AsyncSSH anterior a 2.14.2; y podría haber efectos en Bitvise SSH hasta la versión 9.31, libssh hasta la 0.10.5 y golang.org/x/crypto hasta el 17 de diciembre de 2023.",
      },
   ],
   id: "CVE-2023-48795",
   lastModified: "2024-12-02T14:54:27.177",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-12-18T16:15:10.897",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2024/Mar/21",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/12/18/3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/12/19/5",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Mitigation",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/12/20/3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/03/06/3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/04/17/8",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2023-48795",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugs.gentoo.org/920280",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://crates.io/crates/thrussh/versions",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://filezilla-project.org/versions.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/NixOS/nixpkgs/pull/275249",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/advisories/GHSA-45x7-px36-x8w8",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/apache/mina-sshd/issues/445",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/cyd01/KiTTY/issues/520",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/hierynomus/sshj/issues/916",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/janmojzis/tinyssh/issues/81",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
         ],
         url: "https://github.com/libssh2/libssh2/pull/1291",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/mwiede/jsch/issues/457",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/mwiede/jsch/pull/461",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openssh/openssh-portable/commits/master",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/paramiko/paramiko/issues/2337",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/proftpd/proftpd/issues/456",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/rapier1/hpn-ssh/releases",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/ronf/asyncssh/tags",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/ssh-mitm/ssh-mitm/issues/165",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://gitlab.com/libssh/libssh-mirror/-/tags",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://help.panic.com/releasenotes/transmit5/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://matt.ucc.asn.au/dropbear/CHANGES",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=38684904",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=38685286",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=38732005",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://nova.app/releases/#v11.8",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://oryx-embedded.com/download/#changelog",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://roumenpetrov.info/secsh/#news20231220",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2023-48795",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/source-package/libssh2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202312-16",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202312-17",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240105-0004/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT214084",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://twitter.com/TrueSkrillor/status/1736774389725565005",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://ubuntu.com/security/CVE-2023-48795",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://winscp.net/eng/docs/history#6.2.2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.bitvise.com/ssh-client-version-history#933",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.bitvise.com/ssh-server-version-history",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://www.debian.org/security/2023/dsa-5586",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://www.debian.org/security/2023/dsa-5588",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.netsarang.com/en/xshell-update-history/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.openssh.com/openbsd.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.openssh.com/txt/release-9.6",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
         ],
         url: "https://www.openwall.com/lists/oss-security/2023/12/18/2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Mitigation",
         ],
         url: "https://www.openwall.com/lists/oss-security/2023/12/20/3",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.paramiko.org/changelog.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "https://www.terrapin-attack.com",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://www.vandyke.com/products/securecrt/history.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://seclists.org/fulldisclosure/2024/Mar/21",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/12/18/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/12/19/5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Mitigation",
         ],
         url: "http://www.openwall.com/lists/oss-security/2023/12/20/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/03/06/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/04/17/8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/security/cve/cve-2023-48795",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugs.gentoo.org/920280",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://crates.io/crates/thrussh/versions",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://filezilla-project.org/versions.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/NixOS/nixpkgs/pull/275249",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/advisories/GHSA-45x7-px36-x8w8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/apache/mina-sshd/issues/445",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/cyd01/KiTTY/issues/520",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/hierynomus/sshj/issues/916",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/janmojzis/tinyssh/issues/81",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
         ],
         url: "https://github.com/libssh2/libssh2/pull/1291",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/mwiede/jsch/issues/457",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/mwiede/jsch/pull/461",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openssh/openssh-portable/commits/master",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/paramiko/paramiko/issues/2337",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/proftpd/proftpd/issues/456",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/rapier1/hpn-ssh/releases",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/ronf/asyncssh/tags",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://github.com/ssh-mitm/ssh-mitm/issues/165",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://gitlab.com/libssh/libssh-mirror/-/tags",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://help.panic.com/releasenotes/transmit5/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://matt.ucc.asn.au/dropbear/CHANGES",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=38684904",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=38685286",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=38732005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://nova.app/releases/#v11.8",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://oryx-embedded.com/download/#changelog",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://roumenpetrov.info/secsh/#news20231220",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2023-48795",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/source-package/libssh2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202312-16",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202312-17",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20240105-0004/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://support.apple.com/kb/HT214084",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://twitter.com/TrueSkrillor/status/1736774389725565005",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://ubuntu.com/security/CVE-2023-48795",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://winscp.net/eng/docs/history#6.2.2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.bitvise.com/ssh-client-version-history#933",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.bitvise.com/ssh-server-version-history",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://www.debian.org/security/2023/dsa-5586",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://www.debian.org/security/2023/dsa-5588",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.netsarang.com/en/xshell-update-history/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.openssh.com/openbsd.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.openssh.com/txt/release-9.6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://www.openwall.com/lists/oss-security/2023/12/18/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Mitigation",
         ],
         url: "https://www.openwall.com/lists/oss-security/2023/12/20/3",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.paramiko.org/changelog.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "https://www.terrapin-attack.com",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.vandyke.com/products/securecrt/history.txt",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-354",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-12-23 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
Impacted products
Vendor Product Version
cisco ios 12.0s
cisco ios 12.0st
cisco ios 12.1e
cisco ios 12.1ea
cisco ios 12.1t
cisco ios 12.2
cisco ios 12.2s
cisco ios 12.2t
fissh ssh_client 1.0a_for_windows
intersoft securenetterm 5.4.1
netcomposite shellguard_ssh 3.4.6
pragma_systems secureshell 2.0
putty putty 0.48
putty putty 0.49
putty putty 0.53
winscp winscp 2.0.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C398460-3F38-4AA7-A4B1-FD8A01588DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBEA01D2-B985-4575-AF00-144CE2E3024D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
                     matchCriteriaId: "7126E176-D739-4102-8F10-1EEB8C6A219D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
                     matchCriteriaId: "E90C0554-1A50-4341-AB07-80AA854673D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                     matchCriteriaId: "752C3C6B-910D-4153-A162-DF255F60306B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D035A35-D53E-4C49-B4E4-F40B85866F27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                     matchCriteriaId: "84900BB3-B49F-448A-9E04-FE423FBCCC4F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F994C47-04BA-4286-B206-7EC8844E39A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06F753D5-DAAD-491E-8158-1C3CE9C30274",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4343CA3-F040-4FBE-A688-048BBB3993F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5259078F-BA9C-4EAB-A331-DCA621D187D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "1283B462-042C-4857-A700-4179AAE20E2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
                     matchCriteriaId: "2791C9DD-F55D-4683-85AF-B6814C34EFBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "58BA8E70-9491-4D4F-9182-2F48347BF6FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "833B5B6D-9A6B-4F25-81B0-F27D82940F8D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.",
      },
   ],
   id: "CVE-2002-1357",
   lastModified: "2024-11-20T23:41:06.703",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-12-23T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1005812",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1005813",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.cert.org/advisories/CA-2002-36.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/389665",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/6405",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10868",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5849",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1005812",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1005813",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.cert.org/advisories/CA-2002-36.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/389665",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/6405",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10868",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5849",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-119",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-10 21:29
Modified
2024-11-21 04:01
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
References
cve@mitre.orghttp://www.securityfocus.com/bid/106531Broken Link
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
cve@mitre.orghttps://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=hPatch
cve@mitre.orghttps://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2Patch
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201903-16Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/202007-53Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190215-0001/Third Party Advisory
cve@mitre.orghttps://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtPatch, Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3885-1/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4387Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106531Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=hPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2Patch
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-16Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202007-53Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190215-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3885-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4387Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
Impacted products



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "52D09A55-B853-43B5-8397-E2AC6CD0EBBC",
                     versionEndIncluding: "7.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D0A98E2-B715-4EF5-9CF8-07500E119271",
                     versionEndIncluding: "5.13",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E968916-8CE0-4165-851F-14E37ECEA948",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
                     matchCriteriaId: "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "271CACEB-10F5-4CA8-9C99-3274F18EE62D",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "433EEE1B-134C-48F9-8688-23C5F1ABBF0F",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "47FFEE5C-5DAE-4FAD-9651-7983DE092120",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "66D6EF49-7094-41D9-BDF5-AE5846E37418",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6593DA00-EE33-4223-BEAE-8DC629E79287",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "67E048EC-4A4F-4F0A-B0B5-F234700293DA",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "665502CB-FCC8-4619-B673-408F7190252A",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "665502CB-FCC8-4619-B673-408F7190252A",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "483F5457-7E06-46F3-A808-194289B98AFF",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5644E3E-941A-429A-9AFB-C1023659C1C2",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C1318DD-6AF4-490D-A4AE-079BA544EF8F",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D3A0312-1249-4257-98F1-57E8959989C5",
                     versionEndExcluding: "3.2.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC0C9671-47BB-43CB-8906-9BC2B86B3229",
                     versionEndExcluding: "3.2.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C834C295-D600-44E8-9783-49A319084F5A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.",
      },
      {
         lang: "es",
         value: "En OpenSSH 7.9, scp.c en el cliente scp permite que los servidores SSH omitan las restricciones de acceso planeadas mediante un nombre de archivo \".\" o un nombre de archivo vacío. El impacto consiste en modificar los permisos del directorio objetivo en el lado del cliente.",
      },
   ],
   id: "CVE-2018-20685",
   lastModified: "2024-11-21T04:01:59.800",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "LOW",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 2.6,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-10T21:29:00.377",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.securityfocus.com/bid/106531",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:3702",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201903-16",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202007-53",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190215-0001/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3885-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4387",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.securityfocus.com/bid/106531",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:3702",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201903-16",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/202007-53",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190215-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3885-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4387",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-863",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2007-09-17 17:17
Modified
2024-11-21 00:36
Severity ?
Summary
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.
Impacted products
Vendor Product Version
winscp winscp 2.0.0
winscp winscp 3.5.5_beta
winscp winscp 3.5.6
winscp winscp 3.6
winscp winscp 3.6.1
winscp winscp 3.6.5_beta
winscp winscp 3.6.6
winscp winscp 3.6.7
winscp winscp 3.8.1
winscp winscp 3.8.2
winscp winscp 4.0.2
winscp winscp 4.0.3



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "833B5B6D-9A6B-4F25-81B0-F27D82940F8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.5.5_beta:*:*:*:*:*:*:*",
                     matchCriteriaId: "1441C593-8BA8-4D10-BE13-4D4D01B5ACB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.5.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "9FEE92BE-F80D-481E-95DF-2C33E8DE3D3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "61A75DF1-1A3E-4898-B7A6-750F9FA8D1A6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "79C692ED-9C28-4CAA-B72A-4CCC78AE8680",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.6.5_beta:*:*:*:*:*:*:*",
                     matchCriteriaId: "D214F458-12B5-4280-AF10-33426933992E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.6.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "BD7FE4B2-2433-4B7F-BFA2-DCDEC32F329E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.6.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "B57BACA5-6820-48BB-906F-6AA010429F18",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA9F9BEF-14B6-429B-915F-45958C568F76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "89254511-B715-4515-AA6F-86133A2182CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "FDD786A3-A146-4E4B-90C4-D9F8A2E7D986",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:4.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "200669EB-F6A1-4C6F-9939-EB3ADB472161",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015.",
      },
      {
         lang: "es",
         value: "Conflicto de interpretación en WinSCP anterior a 4.0.4 permite a atacantes remotos llevar a cabo transferencias de archvios de su elección con un servidor remoto a través de comandos de transferencia de archivos en la porción final de un (1) scp, y posiblemente un (2)sftp o (3) ftp, URL, tal y como se demostró con la validación de una URL específica en un servidor remoto con un nombre de usuario de scp, el cual es interpretado como un nombre de esquema HTTP a través del manejador de protocolo del navegador web, pero este es interpretado como un nombre de usuario por WinSCP. NOTA: esto está relacionado con un parche incompleto para CVE-2006-3015.",
      },
   ],
   id: "CVE-2007-4909",
   lastModified: "2024-11-21T00:36:41.780",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 9.3,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2007-09-17T17:17:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26820",
      },
      {
         source: "cve@mitre.org",
         url: "http://securityreason.com/securityalert/3141",
      },
      {
         source: "cve@mitre.org",
         url: "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30",
      },
      {
         source: "cve@mitre.org",
         url: "http://winscp.net/eng/docs/history/",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/479298/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/25655",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securitytracker.com/id?1018697",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/26820",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/3141",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://winscp.net/eng/docs/history/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/479298/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
         ],
         url: "http://www.securityfocus.com/bid/25655",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id?1018697",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-264",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-01-27 21:15
Modified
2024-11-21 06:21
Severity ?
Summary
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
Impacted products
Vendor Product Version
winscp winscp *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C081564B-8EF8-4C8A-9EB0-1C50D5A8F18B",
                     versionEndExcluding: "5.17.10",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)",
      },
      {
         lang: "es",
         value: "WinSCP anterior a la versión 5.17.10 permite a los atacantes remotos ejecutar programas arbitrarios cuando el manejador de URLs encuentra una URL manipulada que carga la configuración de la sesión. (Por ejemplo, esto es explotable en una instalación por defecto en la que WinSCP es el manejador de URLs sftp://)",
      },
   ],
   id: "CVE-2021-3331",
   lastModified: "2024-11-21T06:21:18.807",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-01-27T21:15:16.840",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/winscp/winscp/commit/faa96e8144e6925a380f94a97aa382c9427f688d",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://winscp.net/eng/docs/history#5.17.10",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://winscp.net/eng/docs/rawsettings",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://winscp.net/tracker/1943",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/winscp/winscp/commit/faa96e8144e6925a380f94a97aa382c9427f688d",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://winscp.net/eng/docs/history#5.17.10",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://winscp.net/eng/docs/rawsettings",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://winscp.net/tracker/1943",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-11-23 19:15
Modified
2024-11-21 05:23
Severity ?
Summary
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.
Impacted products
Vendor Product Version
winscp winscp 5.17.8



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.17.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "74B575CF-70DF-4B02-9911-232FE2ADCF5C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.",
      },
      {
         lang: "es",
         value: "El desbordamiento del búfer en WinSCP versión 5.17.8, permite a un servidor FTP malicioso causar una denegación de servicio o posiblemente tener otro impacto no especificado por medio de un nombre de archivo largo",
      },
   ],
   id: "CVE-2020-28864",
   lastModified: "2024-11-21T05:23:12.920",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-11-23T19:15:11.350",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://winscp.net/forum/viewtopic.php?t=30085",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://winscp.net/tracker/1924",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://winscp.net/forum/viewtopic.php?t=30085",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
            "Vendor Advisory",
         ],
         url: "https://winscp.net/tracker/1924",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-120",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2006-06-14 15:06
Modified
2024-11-21 00:12
Severity ?
Summary
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.htmlBroken Link
cve@mitre.orghttp://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.htmlBroken Link, Exploit
cve@mitre.orghttp://secunia.com/advisories/20575Broken Link, Vendor Advisory
cve@mitre.orghttp://winscp.net/eng/docs/history#3.8.2Release Notes
cve@mitre.orghttp://www.kb.cert.org/vuls/id/912588Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.securityfocus.com/bid/18384Broken Link, Exploit, Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/2289Broken Link
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/27075Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.htmlBroken Link, Exploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20575Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://winscp.net/eng/docs/history#3.8.2Release Notes
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/912588Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/18384Broken Link, Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/2289Broken Link
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/27075Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
winscp winscp 3.8.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:3.8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "FA9F9BEF-14B6-429B-915F-45958C568F76",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección de argumento en WinSCP 3.8.1 build 328 permite a atacantes remotos subir o descargar archivos arbitrarios a través de espacios codificados y caracteres de comillas dobles en un URI scp o sftp.",
      },
   ],
   id: "CVE-2006-3015",
   lastModified: "2024-11-21T00:12:37.320",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 7.1,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:H/Au:N/C:C/I:C/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 9.2,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2006-06-14T15:06:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Exploit",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/20575",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "http://winscp.net/eng/docs/history#3.8.2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/912588",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/18384",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://www.vupen.com/english/advisories/2006/2289",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27075",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Exploit",
         ],
         url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/20575",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "http://winscp.net/eng/docs/history#3.8.2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.kb.cert.org/vuls/id/912588",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/18384",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://www.vupen.com/english/advisories/2006/2289",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27075",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-88",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-04-15 20:15
Modified
2024-11-21 09:13
Summary
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.
References
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2024/04/15/6Mailing List, Third Party Advisory
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=2275183Issue Tracking
cve@mitre.orghttps://bugzilla.suse.com/show_bug.cgi?id=1222864Issue Tracking
cve@mitre.orghttps://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-puttyProduct
cve@mitre.orghttps://filezilla-project.org/versions.phpRelease Notes
cve@mitre.orghttps://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.gitMailing List, Patch
cve@mitre.orghttps://github.com/advisories/GHSA-6p4c-r453-8743Third Party Advisory
cve@mitre.orghttps://github.com/daedalus/BreakingECDSAwithLLLThird Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2024/06/msg00014.html
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/Mailing List, Third Party Advisory
cve@mitre.orghttps://news.ycombinator.com/item?id=40044665Issue Tracking
cve@mitre.orghttps://security-tracker.debian.org/tracker/CVE-2024-31497Third Party Advisory
cve@mitre.orghttps://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/Press/Media Coverage
cve@mitre.orghttps://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forwardProduct
cve@mitre.orghttps://tortoisegit.orgThird Party Advisory
cve@mitre.orghttps://twitter.com/CCBalert/status/1780229237569470549Press/Media Coverage
cve@mitre.orghttps://twitter.com/lambdafu/status/1779969509522133272Press/Media Coverage
cve@mitre.orghttps://winscp.net/eng/news.phpThird Party Advisory
cve@mitre.orghttps://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/Press/Media Coverage
cve@mitre.orghttps://www.chiark.greenend.org.uk/~sgtatham/putty/changes.htmlRelease Notes, Vendor Advisory
cve@mitre.orghttps://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.htmlVendor Advisory
cve@mitre.orghttps://www.openwall.com/lists/oss-security/2024/04/15/6Mailing List, Third Party Advisory
cve@mitre.orghttps://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2024/04/15/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2275183Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.suse.com/show_bug.cgi?id=1222864Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-puttyProduct
af854a3a-2127-422b-91ae-364da2661108https://filezilla-project.org/versions.phpRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.gitMailing List, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/advisories/GHSA-6p4c-r453-8743Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/daedalus/BreakingECDSAwithLLLThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://news.ycombinator.com/item?id=40044665Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://security-tracker.debian.org/tracker/CVE-2024-31497Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forwardProduct
af854a3a-2127-422b-91ae-364da2661108https://tortoisegit.orgThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://twitter.com/CCBalert/status/1780229237569470549Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://twitter.com/lambdafu/status/1779969509522133272Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://winscp.net/eng/news.phpThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.htmlRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openwall.com/lists/oss-security/2024/04/15/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://www.vicarius.io/vsociety/posts/understanding-a-critical-vulnerability-in-putty-biased-ecdsa-nonce-generation-revealing-nist-p-521-private-keys-cve-2024-31497



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:putty:putty:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E0D6294C-4365-4187-8053-35F3AAC5229F",
                     versionEndExcluding: "0.81",
                     versionStartIncluding: "0.68",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:filezilla-project:filezilla_client:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A0E9886A-527F-444B-AFB3-33CF777182CC",
                     versionEndExcluding: "3.67.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "5DA80FE9-039E-4BF4-AC16-6E65FFAB22A2",
                     versionEndExcluding: "6.3.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tortoisegit:tortoisegit:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "A1C171EB-2081-44AC-9017-B3BA3A88B10A",
                     versionEndExcluding: "2.15.0.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:tigris:tortoisesvn:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "26F28A31-E86D-43C1-8043-2B8ECD723AF7",
                     versionEndExcluding: "1.14.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
                     matchCriteriaId: "CA277A6C-83EC-4536-9125-97B84C4FAF59",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.",
      },
      {
         lang: "es",
         value: "En PuTTY 0.68 a 0.80 antes de 0.81, la generación nonce ECDSA sesgada permite a un atacante recuperar la clave secreta NIST P-521 de un usuario mediante un ataque rápido en aproximadamente 60 firmas. Esto es especialmente importante en un escenario en el que un adversario puede leer mensajes firmados por PuTTY o Pageant. El conjunto requerido de mensajes firmados puede ser legible públicamente porque están almacenados en un servicio público Git que admite el uso de SSH para la firma de confirmación, y Pageant realizó las firmas a través de un mecanismo de reenvío de agentes. En otras palabras, es posible que un adversario ya tenga suficiente información de firma para comprometer la clave privada de una víctima, incluso si no se utilizan más versiones vulnerables de PuTTY. Después de un compromiso clave, un adversario puede realizar ataques a la cadena de suministro del software mantenido en Git. Un segundo escenario independiente es que el adversario sea un operador de un servidor SSH en el que la víctima se autentica (para inicio de sesión remoto o copia de archivos), aunque la víctima no confíe plenamente en este servidor y la víctima utilice la misma clave privada. para conexiones SSH a otros servicios operados por otras entidades. Aquí, el operador del servidor fraudulento (que de otro modo no tendría forma de determinar la clave privada de la víctima) puede obtener la clave privada de la víctima y luego usarla para acceder no autorizado a esos otros servicios. Si los otros servicios incluyen servicios Git, nuevamente es posible realizar ataques a la cadena de suministro del software mantenido en Git. Esto también afecta, por ejemplo, a FileZilla anterior a 3.67.0, WinSCP anterior a 6.3.3, TortoiseGit anterior a 2.15.0.1 y TortoiseSVN hasta 1.14.6.",
      },
   ],
   id: "CVE-2024-31497",
   lastModified: "2024-11-21T09:13:38.997",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.9,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2024-04-15T20:15:11.077",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/04/15/6",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2275183",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1222864",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://filezilla-project.org/versions.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Patch",
         ],
         url: "https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/advisories/GHSA-6p4c-r453-8743",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/daedalus/BreakingECDSAwithLLL",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=40044665",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2024-31497",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Product",
         ],
         url: "https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tortoisegit.org",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://twitter.com/CCBalert/status/1780229237569470549",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://twitter.com/lambdafu/status/1779969509522133272",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://winscp.net/eng/news.php",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2024/04/15/6",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://www.openwall.com/lists/oss-security/2024/04/15/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.redhat.com/show_bug.cgi?id=2275183",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://bugzilla.suse.com/show_bug.cgi?id=1222864",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://filezilla-project.org/versions.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Patch",
         ],
         url: "https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/advisories/GHSA-6p4c-r453-8743",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://github.com/daedalus/BreakingECDSAwithLLL",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Issue Tracking",
         ],
         url: "https://news.ycombinator.com/item?id=40044665",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security-tracker.debian.org/tracker/CVE-2024-31497",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Product",
         ],
         url: "https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://tortoisegit.org",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://twitter.com/CCBalert/status/1780229237569470549",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://twitter.com/lambdafu/status/1779969509522133272",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://winscp.net/eng/news.php",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://www.openwall.com/lists/oss-security/2024/04/15/6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.vicarius.io/vsociety/posts/understanding-a-critical-vulnerability-in-putty-biased-ecdsa-nonce-generation-revealing-nist-p-521-private-keys-cve-2024-31497",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-338",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-12-23 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
Impacted products
Vendor Product Version
cisco ios 12.0s
cisco ios 12.0st
cisco ios 12.1e
cisco ios 12.1ea
cisco ios 12.1t
cisco ios 12.2
cisco ios 12.2s
cisco ios 12.2t
fissh ssh_client 1.0a_for_windows
intersoft securenetterm 5.4.1
netcomposite shellguard_ssh 3.4.6
pragma_systems secureshell 2.0
putty putty 0.48
putty putty 0.49
putty putty 0.53
winscp winscp 2.0.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C398460-3F38-4AA7-A4B1-FD8A01588DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBEA01D2-B985-4575-AF00-144CE2E3024D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
                     matchCriteriaId: "7126E176-D739-4102-8F10-1EEB8C6A219D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
                     matchCriteriaId: "E90C0554-1A50-4341-AB07-80AA854673D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                     matchCriteriaId: "752C3C6B-910D-4153-A162-DF255F60306B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D035A35-D53E-4C49-B4E4-F40B85866F27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                     matchCriteriaId: "84900BB3-B49F-448A-9E04-FE423FBCCC4F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F994C47-04BA-4286-B206-7EC8844E39A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06F753D5-DAAD-491E-8158-1C3CE9C30274",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4343CA3-F040-4FBE-A688-048BBB3993F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5259078F-BA9C-4EAB-A331-DCA621D187D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "1283B462-042C-4857-A700-4179AAE20E2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
                     matchCriteriaId: "2791C9DD-F55D-4683-85AF-B6814C34EFBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "58BA8E70-9491-4D4F-9182-2F48347BF6FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "833B5B6D-9A6B-4F25-81B0-F27D82940F8D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.",
      },
   ],
   id: "CVE-2002-1360",
   lastModified: "2024-11-20T23:41:07.153",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-12-23T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1005812",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1005813",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.cert.org/advisories/CA-2002-36.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1005812",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1005813",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.cert.org/advisories/CA-2002-36.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-31 18:29
Modified
2024-11-21 04:45
Summary
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "52D09A55-B853-43B5-8397-E2AC6CD0EBBC",
                     versionEndIncluding: "7.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D0A98E2-B715-4EF5-9CF8-07500E119271",
                     versionEndIncluding: "5.13",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E968916-8CE0-4165-851F-14E37ECEA948",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D3A0312-1249-4257-98F1-57E8959989C5",
                     versionEndExcluding: "3.2.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC0C9671-47BB-43CB-8906-9BC2B86B3229",
                     versionEndExcluding: "3.2.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C834C295-D600-44E8-9783-49A319084F5A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.",
      },
      {
         lang: "es",
         value: "En OpenSSH 7.9, debido a la aceptación y la nuestra de salidas stderr arbitrarias del servidor, un servidor malicioso (o atacante Man-in-the-Middle) puede manipular la salida del cliente, por ejemplo, para emplear códigos de control de ANSI para ocultar los archivos adicionales que se están transfiriendo.",
      },
   ],
   id: "CVE-2019-6110",
   lastModified: "2024-11-21T04:45:57.737",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-31T18:29:00.807",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
         ],
         url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201903-16",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46193/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201903-16",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "https://www.exploit-db.com/exploits/46193/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-838",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-10 21:29
Modified
2024-11-21 04:01
Summary
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
Impacted products
Vendor Product Version
winscp winscp *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "C13D4EFE-E54E-4E74-998E-590660C121CF",
                     versionEndIncluding: "5.13.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.",
      },
      {
         lang: "es",
         value: "En WinSCP, en versiones anteriores a la 5.14 beta, debido a la falta de validación, la implementación de scp aceptaría archivos arbitrarios enviados por el servidor, lo que podría sobrescribir archivos no relacionados. Esto afecta a TSCPFileSystem::SCPSink en core/ScpFileSystem.cpp.",
      },
   ],
   id: "CVE-2018-20684",
   lastModified: "2024-11-21T04:01:59.637",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-10T21:29:00.297",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106526",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://winscp.net/eng/docs/history",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://winscp.net/tracker/1675",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/106526",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mitigation",
            "Third Party Advisory",
         ],
         url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://winscp.net/eng/docs/history",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://winscp.net/tracker/1675",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.oracle.com/security-alerts/cpujan2020.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2014-04-22 13:06
Modified
2024-11-21 02:06
Severity ?
Summary
WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Impacted products
Vendor Product Version
winscp winscp *
winscp winscp 5.5
winscp winscp 5.5.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3399C199-1979-4930-846B-40BA76E504C4",
                     versionEndIncluding: "5.5.2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A16954E0-D1FF-484A-AF79-95ACBD0B51A2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:5.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F66F5C03-F433-45F8-9998-74CD944B6D11",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
      },
      {
         lang: "es",
         value: "WinSCP anterior a 5.5.3, cuando FTP con TLS está utilizado, no verifica que el nombre del servidor coincide un nombre de dominio en el nombre común del sujeto (CN) o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado valido arbitrario.",
      },
   ],
   id: "CVE-2014-2735",
   lastModified: "2024-11-21T02:06:51.593",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2014-04-22T13:06:29.853",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://winscp.net/eng/docs/history",
      },
      {
         source: "cve@mitre.org",
         url: "http://winscp.net/tracker/show_bug.cgi?id=1152",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/531847/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://winscp.net/eng/docs/history",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://winscp.net/tracker/show_bug.cgi?id=1152",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/531847/100/0/threaded",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2019-01-31 18:29
Modified
2024-11-21 04:45
Summary
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.htmlBroken Link
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
cve@mitre.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
cve@mitre.orghttps://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.cRelease Notes, Vendor Advisory
cve@mitre.orghttps://cvsweb.openbsd.org/src/usr.bin/ssh/scp.cRelease Notes, Vendor Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/
cve@mitre.orghttps://security.gentoo.org/glsa/201903-16Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190213-0001/Third Party Advisory
cve@mitre.orghttps://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtThird Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/3885-1/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4387Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3702Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.cRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.cRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-16Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190213-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3885-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4387Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "52D09A55-B853-43B5-8397-E2AC6CD0EBBC",
                     versionEndIncluding: "7.9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "3D0A98E2-B715-4EF5-9CF8-07500E119271",
                     versionEndIncluding: "5.13",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                     matchCriteriaId: "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "07C312A0-CD2C-4B9C-B064-6409B25C278F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "85DF4B3F-4BBC-42B7-B729-096934523D63",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7E968916-8CE0-4165-851F-14E37ECEA948",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                     matchCriteriaId: "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "F4CFF558-3C47-480D-A2F0-BABF26042943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "92BC9265-6959-4D37-BE5E-8C45E98992F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "831F0F47-3565-4763-B16F-C87B1FF2035E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "0E3F09B5-569F-4C58-9FCA-3C0953D107B5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "6C3741B8-851F-475D-B428-523F4F722350",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "E28F226A-CBC7-4A32-BE58-398FA5B42481",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "AC10D919-57FD-4725-B8D2-39ECB476902F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "1272DF03-7674-4BD4-8E64-94004B195448",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0D3A0312-1249-4257-98F1-57E8959989C5",
                     versionEndExcluding: "3.2.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EA8B483F-0FD2-49F8-A86A-672A6E007949",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FC0C9671-47BB-43CB-8906-9BC2B86B3229",
                     versionEndExcluding: "3.2.7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "C834C295-D600-44E8-9783-49A319084F5A",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "271CACEB-10F5-4CA8-9C99-3274F18EE62D",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "433EEE1B-134C-48F9-8688-23C5F1ABBF0F",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "47FFEE5C-5DAE-4FAD-9651-7983DE092120",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "2FD8BD3B-C35B-4C44-B5A1-FA4646ACB374",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "66D6EF49-7094-41D9-BDF5-AE5846E37418",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6593DA00-EE33-4223-BEAE-8DC629E79287",
                     versionEndExcluding: "xcp2361",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "67E048EC-4A4F-4F0A-B0B5-F234700293DA",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "983D27DE-BC89-454E-AE47-95A26A3651E2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "FF6FAFAE-EBA5-43D2-9CA8-ECF3DD3B285E",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "5825AEE1-B668-40BD-86A9-2799430C742C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "665502CB-FCC8-4619-B673-408F7190252A",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "3DA2D526-BDCF-4A65-914A-B3BA3A0CD613",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "483F5457-7E06-46F3-A808-194289B98AFF",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "EE0CF40B-E5BD-4558-9321-184D58EF621D",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "D5644E3E-941A-429A-9AFB-C1023659C1C2",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F3C9C09-7B2B-4DB6-8BE0-35302ED35776",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0C1318DD-6AF4-490D-A4AE-079BA544EF8F",
                     versionEndExcluding: "xcp3070",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "95503CE5-1D06-4092-A60D-D310AADCAFB1",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.",
      },
      {
         lang: "es",
         value: "Se ha descubierto un problema en OpenSSH 7.9. Debido a la falta de cifrado de caracteres en la pantalla de progreso, un servidor malicioso (o atacante Man-in-the-Middle) puede emplear nombres de objeto manipulados para manipular la salida del cliente, por ejemplo, empleando códigos de control de ANSI para ocultar los archivos adicionales que se están transfiriendo. Esto afecta a refresh_progress_meter() en progressmeter.c.",
      },
   ],
   id: "CVE-2019-6109",
   lastModified: "2024-11-21T04:45:57.517",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "HIGH",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 4.9,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.8,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.6,
            impactScore: 5.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2019-01-31T18:29:00.710",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:3702",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201903-16",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3885-1/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4387",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Broken Link",
         ],
         url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://access.redhat.com/errata/RHSA-2019:3702",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
            "Vendor Advisory",
         ],
         url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.gentoo.org/glsa/201903-16",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://usn.ubuntu.com/3885-1/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://www.debian.org/security/2019/dsa-4387",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Third Party Advisory",
         ],
         url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-116",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-12-23 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
Impacted products
Vendor Product Version
cisco ios 12.0s
cisco ios 12.0st
cisco ios 12.1e
cisco ios 12.1ea
cisco ios 12.1t
cisco ios 12.2
cisco ios 12.2s
cisco ios 12.2t
fissh ssh_client 1.0a_for_windows
intersoft securenetterm 5.4.1
netcomposite shellguard_ssh 3.4.6
pragma_systems secureshell 2.0
putty putty 0.48
putty putty 0.49
putty putty 0.53
winscp winscp 2.0.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C398460-3F38-4AA7-A4B1-FD8A01588DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBEA01D2-B985-4575-AF00-144CE2E3024D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
                     matchCriteriaId: "7126E176-D739-4102-8F10-1EEB8C6A219D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
                     matchCriteriaId: "E90C0554-1A50-4341-AB07-80AA854673D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                     matchCriteriaId: "752C3C6B-910D-4153-A162-DF255F60306B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D035A35-D53E-4C49-B4E4-F40B85866F27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                     matchCriteriaId: "84900BB3-B49F-448A-9E04-FE423FBCCC4F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F994C47-04BA-4286-B206-7EC8844E39A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06F753D5-DAAD-491E-8158-1C3CE9C30274",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4343CA3-F040-4FBE-A688-048BBB3993F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5259078F-BA9C-4EAB-A331-DCA621D187D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "1283B462-042C-4857-A700-4179AAE20E2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
                     matchCriteriaId: "2791C9DD-F55D-4683-85AF-B6814C34EFBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "58BA8E70-9491-4D4F-9182-2F48347BF6FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "833B5B6D-9A6B-4F25-81B0-F27D82940F8D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.",
      },
   ],
   id: "CVE-2002-1358",
   lastModified: "2024-11-20T23:41:06.857",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-12-23T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1005812",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1005813",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.cert.org/advisories/CA-2002-36.html",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1005812",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1005813",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.cert.org/advisories/CA-2002-36.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2002-12-23 05:00
Modified
2024-11-20 23:41
Severity ?
Summary
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
Impacted products
Vendor Product Version
cisco ios 12.0s
cisco ios 12.0st
cisco ios 12.1e
cisco ios 12.1ea
cisco ios 12.1t
cisco ios 12.2
cisco ios 12.2s
cisco ios 12.2t
fissh ssh_client 1.0a_for_windows
intersoft securenetterm 5.4.1
netcomposite shellguard_ssh 3.4.6
pragma_systems secureshell 2.0
putty putty 0.48
putty putty 0.49
putty putty 0.53
winscp winscp 2.0.0



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
                     matchCriteriaId: "2C398460-3F38-4AA7-A4B1-FD8A01588DB5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
                     matchCriteriaId: "DBEA01D2-B985-4575-AF00-144CE2E3024D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
                     matchCriteriaId: "7126E176-D739-4102-8F10-1EEB8C6A219D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
                     matchCriteriaId: "E90C0554-1A50-4341-AB07-80AA854673D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                     matchCriteriaId: "752C3C6B-910D-4153-A162-DF255F60306B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "E4BC49F2-3DCB-45F0-9030-13F6415EE178",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
                     matchCriteriaId: "2D035A35-D53E-4C49-B4E4-F40B85866F27",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                     matchCriteriaId: "84900BB3-B49F-448A-9E04-FE423FBCCC4F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
                     matchCriteriaId: "0F994C47-04BA-4286-B206-7EC8844E39A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06F753D5-DAAD-491E-8158-1C3CE9C30274",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "B4343CA3-F040-4FBE-A688-048BBB3993F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "5259078F-BA9C-4EAB-A331-DCA621D187D5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
                     matchCriteriaId: "1283B462-042C-4857-A700-4179AAE20E2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
                     matchCriteriaId: "2791C9DD-F55D-4683-85AF-B6814C34EFBF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
                     matchCriteriaId: "58BA8E70-9491-4D4F-9182-2F48347BF6FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "833B5B6D-9A6B-4F25-81B0-F27D82940F8D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.",
      },
   ],
   id: "CVE-2002-1359",
   lastModified: "2024-11-20T23:41:07.000",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "COMPLETE",
               baseScore: 10,
               confidentialityImpact: "COMPLETE",
               integrityImpact: "COMPLETE",
               vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 10,
            obtainAllPrivilege: true,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2002-12-23T05:00:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1005812",
      },
      {
         source: "cve@mitre.org",
         url: "http://securitytracker.com/id?1005813",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.cert.org/advisories/CA-2002-36.html",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/6407",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10870",
      },
      {
         source: "cve@mitre.org",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5848",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1005812",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securitytracker.com/id?1005813",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "US Government Resource",
         ],
         url: "http://www.cert.org/advisories/CA-2002-36.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/6407",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10870",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5848",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2002-1357
Vulnerability from cvelistv5
Published
2002-12-17 05:00
Modified
2024-08-08 03:19
Severity ?
Summary
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
References
http://securitytracker.com/id?1005812vdb-entry, x_refsource_SECTRACK
http://www.cert.org/advisories/CA-2002-36.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5849vdb-entry, signature, x_refsource_OVAL
http://www.kb.cert.org/vuls/id/389665third-party-advisory, x_refsource_CERT-VN
https://exchange.xforce.ibmcloud.com/vulnerabilities/10868vdb-entry, x_refsource_XF
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.htmlmailing-list, x_refsource_VULNWATCH
http://www.securityfocus.com/bid/6405vdb-entry, x_refsource_BID
http://securitytracker.com/id?1005813vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:19:28.536Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1005812",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1005812",
               },
               {
                  name: "CA-2002-36",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.cert.org/advisories/CA-2002-36.html",
               },
               {
                  name: "oval:org.mitre.oval:def:5849",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5849",
               },
               {
                  name: "VU#389665",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/389665",
               },
               {
                  name: "ssh-transport-length-bo(10868)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10868",
               },
               {
                  name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULNWATCH",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
               },
               {
                  name: "6405",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/6405",
               },
               {
                  name: "1005813",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1005813",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-12-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1005812",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1005812",
            },
            {
               name: "CA-2002-36",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.cert.org/advisories/CA-2002-36.html",
            },
            {
               name: "oval:org.mitre.oval:def:5849",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5849",
            },
            {
               name: "VU#389665",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/389665",
            },
            {
               name: "ssh-transport-length-bo(10868)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10868",
            },
            {
               name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
               tags: [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
               ],
               url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
            },
            {
               name: "6405",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/6405",
            },
            {
               name: "1005813",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1005813",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-1357",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1005812",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1005812",
                  },
                  {
                     name: "CA-2002-36",
                     refsource: "CERT",
                     url: "http://www.cert.org/advisories/CA-2002-36.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:5849",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5849",
                  },
                  {
                     name: "VU#389665",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/389665",
                  },
                  {
                     name: "ssh-transport-length-bo(10868)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10868",
                  },
                  {
                     name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
                     refsource: "VULNWATCH",
                     url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
                  },
                  {
                     name: "6405",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/6405",
                  },
                  {
                     name: "1005813",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1005813",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-1357",
      datePublished: "2002-12-17T05:00:00",
      dateReserved: "2002-12-14T00:00:00",
      dateUpdated: "2024-08-08T03:19:28.536Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-4909
Vulnerability from cvelistv5
Published
2007-09-17 17:00
Modified
2024-08-07 15:08
Severity ?
Summary
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T15:08:33.919Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30",
               },
               {
                  name: "winscp-scpsftp-command-execution(36591)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591",
               },
               {
                  name: "3141",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/3141",
               },
               {
                  name: "25655",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/25655",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://winscp.net/eng/docs/history/",
               },
               {
                  name: "26820",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/26820",
               },
               {
                  name: "1018697",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id?1018697",
               },
               {
                  name: "20070913 WinSCP < 4.04 url protocol handler flaw",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/479298/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-09-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-15T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30",
            },
            {
               name: "winscp-scpsftp-command-execution(36591)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591",
            },
            {
               name: "3141",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/3141",
            },
            {
               name: "25655",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/25655",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://winscp.net/eng/docs/history/",
            },
            {
               name: "26820",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/26820",
            },
            {
               name: "1018697",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id?1018697",
            },
            {
               name: "20070913 WinSCP < 4.04 url protocol handler flaw",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/479298/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-4909",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP.  NOTE: this is related to an incomplete fix for CVE-2006-3015.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30",
                     refsource: "MISC",
                     url: "http://winscp.cvs.sourceforge.net/winscp/winscp3/core/SessionData.cpp?r1=1.29&r2=1.30",
                  },
                  {
                     name: "winscp-scpsftp-command-execution(36591)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/36591",
                  },
                  {
                     name: "3141",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/3141",
                  },
                  {
                     name: "25655",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/25655",
                  },
                  {
                     name: "http://winscp.net/eng/docs/history/",
                     refsource: "CONFIRM",
                     url: "http://winscp.net/eng/docs/history/",
                  },
                  {
                     name: "26820",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/26820",
                  },
                  {
                     name: "1018697",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id?1018697",
                  },
                  {
                     name: "20070913 WinSCP < 4.04 url protocol handler flaw",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/479298/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-4909",
      datePublished: "2007-09-17T17:00:00",
      dateReserved: "2007-09-17T00:00:00",
      dateUpdated: "2024-08-07T15:08:33.919Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-3331
Vulnerability from cvelistv5
Published
2021-01-27 20:22
Modified
2024-08-03 16:53
Severity ?
Summary
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T16:53:17.236Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://winscp.net/eng/docs/history#5.17.10",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://winscp.net/tracker/1943",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/winscp/winscp/commit/faa96e8144e6925a380f94a97aa382c9427f688d",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://winscp.net/eng/docs/rawsettings",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-01-27T20:22:25",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://winscp.net/eng/docs/history#5.17.10",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://winscp.net/tracker/1943",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/winscp/winscp/commit/faa96e8144e6925a380f94a97aa382c9427f688d",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://winscp.net/eng/docs/rawsettings",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-3331",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. (For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs.)",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://winscp.net/eng/docs/history#5.17.10",
                     refsource: "MISC",
                     url: "https://winscp.net/eng/docs/history#5.17.10",
                  },
                  {
                     name: "https://winscp.net/tracker/1943",
                     refsource: "MISC",
                     url: "https://winscp.net/tracker/1943",
                  },
                  {
                     name: "https://github.com/winscp/winscp/commit/faa96e8144e6925a380f94a97aa382c9427f688d",
                     refsource: "MISC",
                     url: "https://github.com/winscp/winscp/commit/faa96e8144e6925a380f94a97aa382c9427f688d",
                  },
                  {
                     name: "https://winscp.net/eng/docs/rawsettings",
                     refsource: "MISC",
                     url: "https://winscp.net/eng/docs/rawsettings",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-3331",
      datePublished: "2021-01-27T20:22:25",
      dateReserved: "2021-01-27T00:00:00",
      dateUpdated: "2024-08-03T16:53:17.236Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-48795
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 21:46
Severity ?
Summary
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.
References
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://matt.ucc.asn.au/dropbear/CHANGES
https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
https://www.netsarang.com/en/xshell-update-history/
https://www.paramiko.org/changelog.html
https://www.openssh.com/openbsd.html
https://github.com/openssh/openssh-portable/commits/master
https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
https://www.bitvise.com/ssh-server-version-history
https://github.com/ronf/asyncssh/tags
https://gitlab.com/libssh/libssh-mirror/-/tags
https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
https://www.openssh.com/txt/release-9.6
https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
https://www.terrapin-attack.com
https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
https://www.openwall.com/lists/oss-security/2023/12/18/2
https://twitter.com/TrueSkrillor/status/1736774389725565005
https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
https://github.com/paramiko/paramiko/issues/2337
https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
http://www.openwall.com/lists/oss-security/2023/12/18/3mailing-list
https://github.com/mwiede/jsch/issues/457
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://security-tracker.debian.org/tracker/source-package/libssh2
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
https://security-tracker.debian.org/tracker/CVE-2023-48795
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugs.gentoo.org/920280
https://ubuntu.com/security/CVE-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
https://access.redhat.com/security/cve/cve-2023-48795
https://github.com/mwiede/jsch/pull/461
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/libssh2/libssh2/pull/1291
https://forum.netgate.com/topic/184941/terrapin-ssh-attack
https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
https://github.com/rapier1/hpn-ssh/releases
https://github.com/proftpd/proftpd/issues/456
https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
https://oryx-embedded.com/download/#changelog
https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
https://crates.io/crates/thrussh/versions
https://github.com/NixOS/nixpkgs/pull/275249
http://www.openwall.com/lists/oss-security/2023/12/19/5mailing-list
https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
http://www.openwall.com/lists/oss-security/2023/12/20/3mailing-list
http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
https://github.com/apache/mina-sshd/issues/445
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://www.openwall.com/lists/oss-security/2023/12/20/3
https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/vendor-advisory
https://www.debian.org/security/2023/dsa-5586vendor-advisory
https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
https://www.theregister.com/2023/12/20/terrapin_attack_ssh
https://filezilla-project.org/versions.php
https://nova.app/releases/#v11.8
https://roumenpetrov.info/secsh/#news20231220
https://www.vandyke.com/products/securecrt/history.txt
https://help.panic.com/releasenotes/transmit5/
https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://github.com/cyd01/KiTTY/issues/520
https://www.debian.org/security/2023/dsa-5588vendor-advisory
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://news.ycombinator.com/item?id=38732005
https://lists.debian.org/debian-lts-announce/2023/12/msg00017.htmlmailing-list
https://security.gentoo.org/glsa/202312-16vendor-advisory
https://security.gentoo.org/glsa/202312-17vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/vendor-advisory
https://security.netapp.com/advisory/ntap-20240105-0004/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/vendor-advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/vendor-advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00013.htmlmailing-list
https://lists.debian.org/debian-lts-announce/2024/01/msg00014.htmlmailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/vendor-advisory
https://support.apple.com/kb/HT214084
http://seclists.org/fulldisclosure/2024/Mar/21mailing-list
https://lists.debian.org/debian-lts-announce/2024/04/msg00016.htmlmailing-list
http://www.openwall.com/lists/oss-security/2024/04/17/8mailing-list
http://www.openwall.com/lists/oss-security/2024/03/06/3mailing-list
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T21:46:27.255Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://matt.ucc.asn.au/dropbear/CHANGES",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.netsarang.com/en/xshell-update-history/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.paramiko.org/changelog.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openssh.com/openbsd.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/openssh/openssh-portable/commits/master",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.bitvise.com/ssh-server-version-history",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/ronf/asyncssh/tags",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://gitlab.com/libssh/libssh-mirror/-/tags",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openssh.com/txt/release-9.6",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.terrapin-attack.com",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2023/12/18/2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://twitter.com/TrueSkrillor/status/1736774389725565005",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/paramiko/paramiko/issues/2337",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://news.ycombinator.com/item?id=38684904",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://news.ycombinator.com/item?id=38685286",
               },
               {
                  name: "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2023/12/18/3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/mwiede/jsch/issues/457",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/advisories/GHSA-45x7-px36-x8w8",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/source-package/libssh2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/CVE-2023-48795",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugs.gentoo.org/920280",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://ubuntu.com/security/CVE-2023-48795",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/security/cve/cve-2023-48795",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/mwiede/jsch/pull/461",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/libssh2/libssh2/pull/1291",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/rapier1/hpn-ssh/releases",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/proftpd/proftpd/issues/456",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://oryx-embedded.com/download/#changelog",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://crates.io/crates/thrussh/versions",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/NixOS/nixpkgs/pull/275249",
               },
               {
                  name: "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2023/12/19/5",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
               },
               {
                  name: "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2023/12/20/3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/apache/mina-sshd/issues/445",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/hierynomus/sshj/issues/916",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/janmojzis/tinyssh/issues/81",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2023/12/20/3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
               },
               {
                  name: "FEDORA-2023-0733306be9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
               },
               {
                  name: "DSA-5586",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5586",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://filezilla-project.org/versions.php",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://nova.app/releases/#v11.8",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://roumenpetrov.info/secsh/#news20231220",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.vandyke.com/products/securecrt/history.txt",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://help.panic.com/releasenotes/transmit5/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://winscp.net/eng/docs/history#6.2.2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.bitvise.com/ssh-client-version-history#933",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/cyd01/KiTTY/issues/520",
               },
               {
                  name: "DSA-5588",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2023/dsa-5588",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/ssh-mitm/ssh-mitm/issues/165",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://news.ycombinator.com/item?id=38732005",
               },
               {
                  name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
               },
               {
                  name: "GLSA-202312-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202312-16",
               },
               {
                  name: "GLSA-202312-17",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202312-17",
               },
               {
                  name: "FEDORA-2023-20feb865d8",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
               },
               {
                  name: "FEDORA-2023-cb8c606fbb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
               },
               {
                  name: "FEDORA-2023-e77300e4b5",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
               },
               {
                  name: "FEDORA-2023-b87ec6cf47",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
               },
               {
                  name: "FEDORA-2023-153404713b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240105-0004/",
               },
               {
                  name: "FEDORA-2024-3bb23c77f3",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
               },
               {
                  name: "FEDORA-2023-55800423a8",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
               },
               {
                  name: "FEDORA-2024-d946b9ad25",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
               },
               {
                  name: "FEDORA-2024-71c2c6526c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
               },
               {
                  name: "FEDORA-2024-39a8c72ea9",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
               },
               {
                  name: "FEDORA-2024-ae653fb07b",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
               },
               {
                  name: "FEDORA-2024-2705241461",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
               },
               {
                  name: "FEDORA-2024-fb32950d11",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
               },
               {
                  name: "FEDORA-2024-7b08207cdb",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
               },
               {
                  name: "FEDORA-2024-06ebb70bdd",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
               },
               {
                  name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
               },
               {
                  name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
               },
               {
                  name: "FEDORA-2024-a53b24023d",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
               },
               {
                  name: "FEDORA-2024-3fd1bc9276",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT214084",
               },
               {
                  name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2024/Mar/21",
               },
               {
                  name: "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
               },
               {
                  name: "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/04/17/8",
               },
               {
                  name: "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/03/06/3",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-05-01T18:06:23.972272",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
            },
            {
               url: "https://matt.ucc.asn.au/dropbear/CHANGES",
            },
            {
               url: "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES",
            },
            {
               url: "https://www.netsarang.com/en/xshell-update-history/",
            },
            {
               url: "https://www.paramiko.org/changelog.html",
            },
            {
               url: "https://www.openssh.com/openbsd.html",
            },
            {
               url: "https://github.com/openssh/openssh-portable/commits/master",
            },
            {
               url: "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ",
            },
            {
               url: "https://www.bitvise.com/ssh-server-version-history",
            },
            {
               url: "https://github.com/ronf/asyncssh/tags",
            },
            {
               url: "https://gitlab.com/libssh/libssh-mirror/-/tags",
            },
            {
               url: "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/",
            },
            {
               url: "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42",
            },
            {
               url: "https://www.openssh.com/txt/release-9.6",
            },
            {
               url: "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/",
            },
            {
               url: "https://www.terrapin-attack.com",
            },
            {
               url: "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25",
            },
            {
               url: "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst",
            },
            {
               url: "https://thorntech.com/cve-2023-48795-and-sftp-gateway/",
            },
            {
               url: "https://github.com/warp-tech/russh/releases/tag/v0.40.2",
            },
            {
               url: "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0",
            },
            {
               url: "https://www.openwall.com/lists/oss-security/2023/12/18/2",
            },
            {
               url: "https://twitter.com/TrueSkrillor/status/1736774389725565005",
            },
            {
               url: "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d",
            },
            {
               url: "https://github.com/paramiko/paramiko/issues/2337",
            },
            {
               url: "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg",
            },
            {
               url: "https://news.ycombinator.com/item?id=38684904",
            },
            {
               url: "https://news.ycombinator.com/item?id=38685286",
            },
            {
               name: "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2023/12/18/3",
            },
            {
               url: "https://github.com/mwiede/jsch/issues/457",
            },
            {
               url: "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6",
            },
            {
               url: "https://github.com/erlang/otp/releases/tag/OTP-26.2.1",
            },
            {
               url: "https://github.com/advisories/GHSA-45x7-px36-x8w8",
            },
            {
               url: "https://security-tracker.debian.org/tracker/source-package/libssh2",
            },
            {
               url: "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg",
            },
            {
               url: "https://security-tracker.debian.org/tracker/CVE-2023-48795",
            },
            {
               url: "https://bugzilla.suse.com/show_bug.cgi?id=1217950",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254210",
            },
            {
               url: "https://bugs.gentoo.org/920280",
            },
            {
               url: "https://ubuntu.com/security/CVE-2023-48795",
            },
            {
               url: "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/",
            },
            {
               url: "https://access.redhat.com/security/cve/cve-2023-48795",
            },
            {
               url: "https://github.com/mwiede/jsch/pull/461",
            },
            {
               url: "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6",
            },
            {
               url: "https://github.com/libssh2/libssh2/pull/1291",
            },
            {
               url: "https://forum.netgate.com/topic/184941/terrapin-ssh-attack",
            },
            {
               url: "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5",
            },
            {
               url: "https://github.com/rapier1/hpn-ssh/releases",
            },
            {
               url: "https://github.com/proftpd/proftpd/issues/456",
            },
            {
               url: "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1",
            },
            {
               url: "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15",
            },
            {
               url: "https://oryx-embedded.com/download/#changelog",
            },
            {
               url: "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update",
            },
            {
               url: "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22",
            },
            {
               url: "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab",
            },
            {
               url: "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3",
            },
            {
               url: "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC",
            },
            {
               url: "https://crates.io/crates/thrussh/versions",
            },
            {
               url: "https://github.com/NixOS/nixpkgs/pull/275249",
            },
            {
               name: "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2023/12/19/5",
            },
            {
               url: "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc",
            },
            {
               url: "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/",
            },
            {
               name: "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2023/12/20/3",
            },
            {
               url: "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html",
            },
            {
               url: "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES",
            },
            {
               url: "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES",
            },
            {
               url: "https://github.com/apache/mina-sshd/issues/445",
            },
            {
               url: "https://github.com/hierynomus/sshj/issues/916",
            },
            {
               url: "https://github.com/janmojzis/tinyssh/issues/81",
            },
            {
               url: "https://www.openwall.com/lists/oss-security/2023/12/20/3",
            },
            {
               url: "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2",
            },
            {
               url: "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16",
            },
            {
               name: "FEDORA-2023-0733306be9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/",
            },
            {
               name: "DSA-5586",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2023/dsa-5586",
            },
            {
               url: "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508",
            },
            {
               url: "https://www.theregister.com/2023/12/20/terrapin_attack_ssh",
            },
            {
               url: "https://filezilla-project.org/versions.php",
            },
            {
               url: "https://nova.app/releases/#v11.8",
            },
            {
               url: "https://roumenpetrov.info/secsh/#news20231220",
            },
            {
               url: "https://www.vandyke.com/products/securecrt/history.txt",
            },
            {
               url: "https://help.panic.com/releasenotes/transmit5/",
            },
            {
               url: "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta",
            },
            {
               url: "https://github.com/PowerShell/Win32-OpenSSH/issues/2189",
            },
            {
               url: "https://winscp.net/eng/docs/history#6.2.2",
            },
            {
               url: "https://www.bitvise.com/ssh-client-version-history#933",
            },
            {
               url: "https://github.com/cyd01/KiTTY/issues/520",
            },
            {
               name: "DSA-5588",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2023/dsa-5588",
            },
            {
               url: "https://github.com/ssh-mitm/ssh-mitm/issues/165",
            },
            {
               url: "https://news.ycombinator.com/item?id=38732005",
            },
            {
               name: "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html",
            },
            {
               name: "GLSA-202312-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202312-16",
            },
            {
               name: "GLSA-202312-17",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202312-17",
            },
            {
               name: "FEDORA-2023-20feb865d8",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/",
            },
            {
               name: "FEDORA-2023-cb8c606fbb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/",
            },
            {
               name: "FEDORA-2023-e77300e4b5",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/",
            },
            {
               name: "FEDORA-2023-b87ec6cf47",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/",
            },
            {
               name: "FEDORA-2023-153404713b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240105-0004/",
            },
            {
               name: "FEDORA-2024-3bb23c77f3",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/",
            },
            {
               name: "FEDORA-2023-55800423a8",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/",
            },
            {
               name: "FEDORA-2024-d946b9ad25",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/",
            },
            {
               name: "FEDORA-2024-71c2c6526c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/",
            },
            {
               name: "FEDORA-2024-39a8c72ea9",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/",
            },
            {
               url: "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002",
            },
            {
               name: "FEDORA-2024-ae653fb07b",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/",
            },
            {
               name: "FEDORA-2024-2705241461",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/",
            },
            {
               name: "FEDORA-2024-fb32950d11",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/",
            },
            {
               name: "FEDORA-2024-7b08207cdb",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/",
            },
            {
               name: "FEDORA-2024-06ebb70bdd",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/",
            },
            {
               name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html",
            },
            {
               name: "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html",
            },
            {
               name: "FEDORA-2024-a53b24023d",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/",
            },
            {
               name: "FEDORA-2024-3fd1bc9276",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/",
            },
            {
               url: "https://support.apple.com/kb/HT214084",
            },
            {
               name: "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
               tags: [
                  "mailing-list",
               ],
               url: "http://seclists.org/fulldisclosure/2024/Mar/21",
            },
            {
               name: "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",
            },
            {
               name: "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2024/04/17/8",
            },
            {
               name: "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2024/03/06/3",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2023-48795",
      datePublished: "2023-12-18T00:00:00",
      dateReserved: "2023-11-20T00:00:00",
      dateUpdated: "2024-08-02T21:46:27.255Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-20684
Vulnerability from cvelistv5
Published
2019-01-10 21:00
Modified
2024-08-05 12:05
Severity ?
Summary
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T12:05:17.823Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "106526",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/106526",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://winscp.net/eng/docs/history",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://winscp.net/tracker/1675",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2020.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-01-15T19:15:22",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "106526",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/106526",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://winscp.net/eng/docs/history",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://winscp.net/tracker/1675",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2020.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-20684",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "106526",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/106526",
                  },
                  {
                     name: "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54",
                     refsource: "MISC",
                     url: "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54",
                  },
                  {
                     name: "https://winscp.net/eng/docs/history",
                     refsource: "MISC",
                     url: "https://winscp.net/eng/docs/history",
                  },
                  {
                     name: "https://winscp.net/tracker/1675",
                     refsource: "MISC",
                     url: "https://winscp.net/tracker/1675",
                  },
                  {
                     name: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
                     refsource: "MISC",
                     url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2020.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-20684",
      datePublished: "2019-01-10T21:00:00",
      dateReserved: "2019-01-10T00:00:00",
      dateUpdated: "2024-08-05T12:05:17.823Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-6110
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
Summary
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:16:24.236Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
               },
               {
                  name: "46193",
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/46193/",
               },
               {
                  name: "GLSA-201903-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201903-16",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-31T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
            },
            {
               url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
            },
            {
               url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
            },
            {
               url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
            },
            {
               name: "46193",
               tags: [
                  "exploit",
               ],
               url: "https://www.exploit-db.com/exploits/46193/",
            },
            {
               name: "GLSA-201903-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/201903-16",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-6110",
      datePublished: "2019-01-31T00:00:00",
      dateReserved: "2019-01-10T00:00:00",
      dateUpdated: "2024-08-04T20:16:24.236Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2014-2735
Vulnerability from cvelistv5
Published
2014-04-21 14:00
Modified
2024-08-06 10:21
Severity ?
Summary
WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T10:21:36.023Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "20140416 CVE-2014-2735 - WinSCP: missing X.509 validation",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/531847/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://winscp.net/eng/docs/history",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://winscp.net/tracker/show_bug.cgi?id=1152",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2014-04-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "20140416 CVE-2014-2735 - WinSCP: missing X.509 validation",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/531847/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://winscp.net/eng/docs/history",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://winscp.net/tracker/show_bug.cgi?id=1152",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2014-2735",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "20140416 CVE-2014-2735 - WinSCP: missing X.509 validation",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/531847/100/0/threaded",
                  },
                  {
                     name: "http://winscp.net/eng/docs/history",
                     refsource: "CONFIRM",
                     url: "http://winscp.net/eng/docs/history",
                  },
                  {
                     name: "http://winscp.net/tracker/show_bug.cgi?id=1152",
                     refsource: "CONFIRM",
                     url: "http://winscp.net/tracker/show_bug.cgi?id=1152",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2014-2735",
      datePublished: "2014-04-21T14:00:00",
      dateReserved: "2014-04-08T00:00:00",
      dateUpdated: "2024-08-06T10:21:36.023Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-20685
Vulnerability from cvelistv5
Published
2019-01-10 00:00
Modified
2024-08-05 12:05
Severity ?
Summary
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T12:05:17.712Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-4387",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4387",
               },
               {
                  name: "USN-3885-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3885-1/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190215-0001/",
               },
               {
                  name: "106531",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/106531",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
               },
               {
                  name: "GLSA-201903-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201903-16",
               },
               {
                  name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
               },
               {
                  name: "RHSA-2019:3702",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3702",
               },
               {
                  name: "GLSA-202007-53",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/202007-53",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-10T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-4387",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2019/dsa-4387",
            },
            {
               name: "USN-3885-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://usn.ubuntu.com/3885-1/",
            },
            {
               url: "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
            },
            {
               url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20190215-0001/",
            },
            {
               name: "106531",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/106531",
            },
            {
               url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
            },
            {
               name: "GLSA-201903-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/201903-16",
            },
            {
               name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
            },
            {
               url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            },
            {
               url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            },
            {
               name: "RHSA-2019:3702",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3702",
            },
            {
               name: "GLSA-202007-53",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/202007-53",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-20685",
      datePublished: "2019-01-10T00:00:00",
      dateReserved: "2019-01-10T00:00:00",
      dateUpdated: "2024-08-05T12:05:17.712Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-6111
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
Summary
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).
References
https://www.debian.org/security/2019/dsa-4387vendor-advisory
https://security.netapp.com/advisory/ntap-20190213-0001/
http://www.securityfocus.com/bid/106741vdb-entry
https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c
https://usn.ubuntu.com/3885-1/vendor-advisory
https://usn.ubuntu.com/3885-2/vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1677794
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
https://www.exploit-db.com/exploits/46193/exploit
https://security.gentoo.org/glsa/201903-16vendor-advisory
https://lists.debian.org/debian-lts-announce/2019/03/msg00030.htmlmailing-list
http://www.openwall.com/lists/oss-security/2019/04/18/1mailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/vendor-advisory
https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3Emailing-list
https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3Emailing-list
https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3Emailing-list
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.htmlvendor-advisory
https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.ascvendor-advisory
https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3Emailing-list
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://access.redhat.com/errata/RHSA-2019:3702vendor-advisory
http://www.openwall.com/lists/oss-security/2022/08/02/1mailing-list
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:16:23.623Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-4387",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4387",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
               },
               {
                  name: "106741",
                  tags: [
                     "vdb-entry",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/106741",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
               },
               {
                  name: "USN-3885-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3885-1/",
               },
               {
                  name: "USN-3885-2",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3885-2/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
               },
               {
                  name: "46193",
                  tags: [
                     "exploit",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/46193/",
               },
               {
                  name: "GLSA-201903-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201903-16",
               },
               {
                  name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
               },
               {
                  name: "[oss-security] 20190417 Announce: OpenSSH 8.0 released",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2019/04/18/1",
               },
               {
                  name: "FEDORA-2019-0f4190cdb0",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
               },
               {
                  name: "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E",
               },
               {
                  name: "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E",
               },
               {
                  name: "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E",
               },
               {
                  name: "openSUSE-SU-2019:1602",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
               },
               {
                  name: "FreeBSD-EN-19:10",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc",
               },
               {
                  name: "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
               },
               {
                  name: "RHSA-2019:3702",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3702",
               },
               {
                  name: "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2022/08/02/1",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-31T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file).",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-4387",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2019/dsa-4387",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
            },
            {
               name: "106741",
               tags: [
                  "vdb-entry",
               ],
               url: "http://www.securityfocus.com/bid/106741",
            },
            {
               url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
            },
            {
               name: "USN-3885-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://usn.ubuntu.com/3885-1/",
            },
            {
               name: "USN-3885-2",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://usn.ubuntu.com/3885-2/",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
            },
            {
               url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
            },
            {
               name: "46193",
               tags: [
                  "exploit",
               ],
               url: "https://www.exploit-db.com/exploits/46193/",
            },
            {
               name: "GLSA-201903-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/201903-16",
            },
            {
               name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
            },
            {
               name: "[oss-security] 20190417 Announce: OpenSSH 8.0 released",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2019/04/18/1",
            },
            {
               name: "FEDORA-2019-0f4190cdb0",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
            },
            {
               name: "[mina-dev] 20190620 [jira] [Created] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3Cdev.mina.apache.org%3E",
            },
            {
               name: "[mina-dev] 20190623 [jira] [Comment Edited] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3Cdev.mina.apache.org%3E",
            },
            {
               name: "[mina-dev] 20190623 [jira] [Commented] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3Cdev.mina.apache.org%3E",
            },
            {
               name: "openSUSE-SU-2019:1602",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
            },
            {
               name: "FreeBSD-EN-19:10",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:10.scp.asc",
            },
            {
               name: "[mina-dev] 20190820 [jira] [Resolved] (SSHD-925) See if SCP vulnerability CVE-2019-6111 applies and mitigate it if so",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3Cdev.mina.apache.org%3E",
            },
            {
               url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            },
            {
               name: "RHSA-2019:3702",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3702",
            },
            {
               name: "[oss-security] 20220802 CVE-2022-29154: Rsync client-side arbitrary file write vulnerability.",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2022/08/02/1",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-6111",
      datePublished: "2019-01-31T00:00:00",
      dateReserved: "2019-01-10T00:00:00",
      dateUpdated: "2024-08-04T20:16:23.623Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-31497
Vulnerability from cvelistv5
Published
2024-04-15 00:00
Modified
2024-08-19 07:48
Severity ?
Summary
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.
References
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://filezilla-project.org/versions.php
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
https://www.openwall.com/lists/oss-security/2024/04/15/6
https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward
https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty
https://news.ycombinator.com/item?id=40044665
https://winscp.net/eng/news.php
https://tortoisegit.org
https://github.com/advisories/GHSA-6p4c-r453-8743
https://bugzilla.redhat.com/show_bug.cgi?id=2275183
https://bugzilla.suse.com/show_bug.cgi?id=1222864
https://security-tracker.debian.org/tracker/CVE-2024-31497
https://twitter.com/lambdafu/status/1779969509522133272
https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git
https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/
https://github.com/daedalus/BreakingECDSAwithLLL
https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/
https://twitter.com/CCBalert/status/1780229237569470549
https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/vendor-advisory
http://www.openwall.com/lists/oss-security/2024/04/15/6mailing-list
https://lists.debian.org/debian-lts-announce/2024/06/msg00014.htmlmailing-list
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:putty:putty:-:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "putty",
                  vendor: "putty",
                  versions: [
                     {
                        lessThan: "0.81",
                        status: "affected",
                        version: "0.68",
                        versionType: "semver",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-31497",
                        options: [
                           {
                              Exploitation: "None",
                           },
                           {
                              Automatable: "No",
                           },
                           {
                              "Technical Impact": "Partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-04-19T04:01:10.059065Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-06-04T17:37:17.161Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-19T07:48:01.287Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://filezilla-project.org/versions.php",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.openwall.com/lists/oss-security/2024/04/15/6",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://news.ycombinator.com/item?id=40044665",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://winscp.net/eng/news.php",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://tortoisegit.org",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/advisories/GHSA-6p4c-r453-8743",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.redhat.com/show_bug.cgi?id=2275183",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://bugzilla.suse.com/show_bug.cgi?id=1222864",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security-tracker.debian.org/tracker/CVE-2024-31497",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://twitter.com/lambdafu/status/1779969509522133272",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/daedalus/BreakingECDSAwithLLL",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://twitter.com/CCBalert/status/1780229237569470549",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/",
               },
               {
                  name: "FEDORA-2024-8401d42de6",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/",
               },
               {
                  name: "FEDORA-2024-ff9a2fb31c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/",
               },
               {
                  name: "FEDORA-2024-0489e7ba1e",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/",
               },
               {
                  name: "FEDORA-2024-08a4a5ead8",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/",
               },
               {
                  name: "FEDORA-2024-cba85cc558",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/",
               },
               {
                  name: "[oss-security] 20240415 CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2024/04/15/6",
               },
               {
                  name: "[debian-lts-announce] 20240620 [SECURITY] [DLA 3839-1] putty security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html",
               },
               {
                  url: "https://www.vicarius.io/vsociety/posts/understanding-a-critical-vulnerability-in-putty-biased-ecdsa-nonce-generation-revealing-nist-p-521-private-keys-cve-2024-31497",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-20T19:05:59.509465",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
            },
            {
               url: "https://filezilla-project.org/versions.php",
            },
            {
               url: "https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html",
            },
            {
               url: "https://www.openwall.com/lists/oss-security/2024/04/15/6",
            },
            {
               url: "https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward",
            },
            {
               url: "https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty",
            },
            {
               url: "https://news.ycombinator.com/item?id=40044665",
            },
            {
               url: "https://winscp.net/eng/news.php",
            },
            {
               url: "https://tortoisegit.org",
            },
            {
               url: "https://github.com/advisories/GHSA-6p4c-r453-8743",
            },
            {
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2275183",
            },
            {
               url: "https://bugzilla.suse.com/show_bug.cgi?id=1222864",
            },
            {
               url: "https://security-tracker.debian.org/tracker/CVE-2024-31497",
            },
            {
               url: "https://twitter.com/lambdafu/status/1779969509522133272",
            },
            {
               url: "https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=simon/putty.git",
            },
            {
               url: "https://www.reddit.com/r/sysadmin/comments/1c4wmoj/putty_vulnerability_affecting_v068_to_v08/",
            },
            {
               url: "https://github.com/daedalus/BreakingECDSAwithLLL",
            },
            {
               url: "https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/",
            },
            {
               url: "https://twitter.com/CCBalert/status/1780229237569470549",
            },
            {
               url: "https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/",
            },
            {
               name: "FEDORA-2024-8401d42de6",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMJH7M663BVO3SY6MFAW2FAZWLLXAPRQ/",
            },
            {
               name: "FEDORA-2024-ff9a2fb31c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMHILY2K7HQGQRHOC375KRRG2M6625RD/",
            },
            {
               name: "FEDORA-2024-0489e7ba1e",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZS3B37GNGWOOV7QU7B7JFK76U4TOP4V/",
            },
            {
               name: "FEDORA-2024-08a4a5ead8",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WFDZBV7ZCAZ6AH3VCQ34SSY7L3J7VZXZ/",
            },
            {
               name: "FEDORA-2024-cba85cc558",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PUOTQVGC4DISVHQGSPUYGXO6TLDK65LA/",
            },
            {
               name: "[oss-security] 20240415 CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client",
               tags: [
                  "mailing-list",
               ],
               url: "http://www.openwall.com/lists/oss-security/2024/04/15/6",
            },
            {
               name: "[debian-lts-announce] 20240620 [SECURITY] [DLA 3839-1] putty security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00014.html",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2024-31497",
      datePublished: "2024-04-15T00:00:00",
      dateReserved: "2024-04-04T00:00:00",
      dateUpdated: "2024-08-19T07:48:01.287Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-1358
Vulnerability from cvelistv5
Published
2002-12-17 05:00
Modified
2024-08-08 03:19
Severity ?
Summary
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
References
http://securitytracker.com/id?1005812vdb-entry, x_refsource_SECTRACK
http://www.cert.org/advisories/CA-2002-36.htmlthird-party-advisory, x_refsource_CERT
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721vdb-entry, signature, x_refsource_OVAL
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.htmlmailing-list, x_refsource_VULNWATCH
http://securitytracker.com/id?1005813vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:19:28.601Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1005812",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1005812",
               },
               {
                  name: "CA-2002-36",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.cert.org/advisories/CA-2002-36.html",
               },
               {
                  name: "oval:org.mitre.oval:def:5721",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721",
               },
               {
                  name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULNWATCH",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
               },
               {
                  name: "1005813",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1005813",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-12-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1005812",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1005812",
            },
            {
               name: "CA-2002-36",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.cert.org/advisories/CA-2002-36.html",
            },
            {
               name: "oval:org.mitre.oval:def:5721",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721",
            },
            {
               name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
               tags: [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
               ],
               url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
            },
            {
               name: "1005813",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1005813",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-1358",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1005812",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1005812",
                  },
                  {
                     name: "CA-2002-36",
                     refsource: "CERT",
                     url: "http://www.cert.org/advisories/CA-2002-36.html",
                  },
                  {
                     name: "oval:org.mitre.oval:def:5721",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721",
                  },
                  {
                     name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
                     refsource: "VULNWATCH",
                     url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
                  },
                  {
                     name: "1005813",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1005813",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-1358",
      datePublished: "2002-12-17T05:00:00",
      dateReserved: "2002-12-14T00:00:00",
      dateUpdated: "2024-08-08T03:19:28.601Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2006-3015
Vulnerability from cvelistv5
Published
2006-06-14 15:00
Modified
2024-08-07 18:16
Severity ?
Summary
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/27075vdb-entry, x_refsource_XF
http://winscp.net/eng/docs/history#3.8.2x_refsource_CONFIRM
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.htmlmailing-list, x_refsource_FULLDISC
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.htmlmailing-list, x_refsource_FULLDISC
http://secunia.com/advisories/20575third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2006/2289vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/18384vdb-entry, x_refsource_BID
http://www.kb.cert.org/vuls/id/912588third-party-advisory, x_refsource_CERT-VN
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T18:16:04.359Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "winscp-uri-handler-command-execution(27075)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27075",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://winscp.net/eng/docs/history#3.8.2",
               },
               {
                  name: "20060611 WinSCP - URI Handler Command Switch Parsing",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html",
               },
               {
                  name: "20060310 WinSCP - URI Handler Command Switch Parsing",
                  tags: [
                     "mailing-list",
                     "x_refsource_FULLDISC",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html",
               },
               {
                  name: "20575",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/20575",
               },
               {
                  name: "ADV-2006-2289",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2006/2289",
               },
               {
                  name: "18384",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/18384",
               },
               {
                  name: "VU#912588",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT-VN",
                     "x_transferred",
                  ],
                  url: "http://www.kb.cert.org/vuls/id/912588",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2006-06-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-19T15:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "winscp-uri-handler-command-execution(27075)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27075",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://winscp.net/eng/docs/history#3.8.2",
            },
            {
               name: "20060611 WinSCP - URI Handler Command Switch Parsing",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html",
            },
            {
               name: "20060310 WinSCP - URI Handler Command Switch Parsing",
               tags: [
                  "mailing-list",
                  "x_refsource_FULLDISC",
               ],
               url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html",
            },
            {
               name: "20575",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/20575",
            },
            {
               name: "ADV-2006-2289",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2006/2289",
            },
            {
               name: "18384",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/18384",
            },
            {
               name: "VU#912588",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
               ],
               url: "http://www.kb.cert.org/vuls/id/912588",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2006-3015",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "winscp-uri-handler-command-execution(27075)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/27075",
                  },
                  {
                     name: "http://winscp.net/eng/docs/history#3.8.2",
                     refsource: "CONFIRM",
                     url: "http://winscp.net/eng/docs/history#3.8.2",
                  },
                  {
                     name: "20060611 WinSCP - URI Handler Command Switch Parsing",
                     refsource: "FULLDISC",
                     url: "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046810.html",
                  },
                  {
                     name: "20060310 WinSCP - URI Handler Command Switch Parsing",
                     refsource: "FULLDISC",
                     url: "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0196.html",
                  },
                  {
                     name: "20575",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/20575",
                  },
                  {
                     name: "ADV-2006-2289",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2006/2289",
                  },
                  {
                     name: "18384",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/18384",
                  },
                  {
                     name: "VU#912588",
                     refsource: "CERT-VN",
                     url: "http://www.kb.cert.org/vuls/id/912588",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2006-3015",
      datePublished: "2006-06-14T15:00:00",
      dateReserved: "2006-06-14T00:00:00",
      dateUpdated: "2024-08-07T18:16:04.359Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2013-4852
Vulnerability from cvelistv5
Published
2013-08-19 23:00
Modified
2024-08-06 16:59
Severity ?
Summary
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:59:40.996Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "54533",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/54533",
               },
               {
                  name: "54517",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/54517",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://winscp.net/tracker/show_bug.cgi?id=1017",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.search-lab.hu/advisories/secadv-20130722",
               },
               {
                  name: "DSA-2736",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2013/dsa-2736",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896",
               },
               {
                  name: "openSUSE-SU-2013:1347",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html",
               },
               {
                  name: "54379",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/54379",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html",
               },
               {
                  name: "openSUSE-SU-2013:1355",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_SUSE",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-08-05T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2013-08-30T09:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "54533",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/54533",
            },
            {
               name: "54517",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/54517",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://winscp.net/tracker/show_bug.cgi?id=1017",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.search-lab.hu/advisories/secadv-20130722",
            },
            {
               name: "DSA-2736",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2013/dsa-2736",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896",
            },
            {
               name: "openSUSE-SU-2013:1347",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html",
            },
            {
               name: "54379",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/54379",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html",
            },
            {
               name: "openSUSE-SU-2013:1355",
               tags: [
                  "vendor-advisory",
                  "x_refsource_SUSE",
               ],
               url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2013-4852",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "54533",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/54533",
                  },
                  {
                     name: "54517",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/54517",
                  },
                  {
                     name: "http://winscp.net/tracker/show_bug.cgi?id=1017",
                     refsource: "MISC",
                     url: "http://winscp.net/tracker/show_bug.cgi?id=1017",
                  },
                  {
                     name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779",
                     refsource: "CONFIRM",
                     url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779",
                  },
                  {
                     name: "http://www.search-lab.hu/advisories/secadv-20130722",
                     refsource: "MISC",
                     url: "http://www.search-lab.hu/advisories/secadv-20130722",
                  },
                  {
                     name: "DSA-2736",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2013/dsa-2736",
                  },
                  {
                     name: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896",
                     refsource: "MISC",
                     url: "http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896",
                  },
                  {
                     name: "openSUSE-SU-2013:1347",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html",
                  },
                  {
                     name: "54379",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/54379",
                  },
                  {
                     name: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html",
                     refsource: "CONFIRM",
                     url: "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-signature-stringlen.html",
                  },
                  {
                     name: "openSUSE-SU-2013:1355",
                     refsource: "SUSE",
                     url: "http://lists.opensuse.org/opensuse-updates/2013-08/msg00041.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2013-4852",
      datePublished: "2013-08-19T23:00:00",
      dateReserved: "2013-07-16T00:00:00",
      dateUpdated: "2024-08-06T16:59:40.996Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-1359
Vulnerability from cvelistv5
Published
2002-12-17 05:00
Modified
2024-08-08 03:19
Severity ?
Summary
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:19:28.748Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1005812",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1005812",
               },
               {
                  name: "CA-2002-36",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.cert.org/advisories/CA-2002-36.html",
               },
               {
                  name: "ssh-transport-multiple-bo(10870)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10870",
               },
               {
                  name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULNWATCH",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
               },
               {
                  name: "6407",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/6407",
               },
               {
                  name: "oval:org.mitre.oval:def:5848",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5848",
               },
               {
                  name: "1005813",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1005813",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-12-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1005812",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1005812",
            },
            {
               name: "CA-2002-36",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.cert.org/advisories/CA-2002-36.html",
            },
            {
               name: "ssh-transport-multiple-bo(10870)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10870",
            },
            {
               name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
               tags: [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
               ],
               url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
            },
            {
               name: "6407",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/6407",
            },
            {
               name: "oval:org.mitre.oval:def:5848",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5848",
            },
            {
               name: "1005813",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1005813",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-1359",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1005812",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1005812",
                  },
                  {
                     name: "CA-2002-36",
                     refsource: "CERT",
                     url: "http://www.cert.org/advisories/CA-2002-36.html",
                  },
                  {
                     name: "ssh-transport-multiple-bo(10870)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10870",
                  },
                  {
                     name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
                     refsource: "VULNWATCH",
                     url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
                  },
                  {
                     name: "6407",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/6407",
                  },
                  {
                     name: "oval:org.mitre.oval:def:5848",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5848",
                  },
                  {
                     name: "1005813",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1005813",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-1359",
      datePublished: "2002-12-17T05:00:00",
      dateReserved: "2002-12-14T00:00:00",
      dateUpdated: "2024-08-08T03:19:28.748Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2019-6109
Vulnerability from cvelistv5
Published
2019-01-31 00:00
Modified
2024-08-04 20:16
Severity ?
Summary
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T20:16:24.501Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "DSA-4387",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://www.debian.org/security/2019/dsa-4387",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
               },
               {
                  name: "USN-3885-1",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://usn.ubuntu.com/3885-1/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
               },
               {
                  name: "GLSA-201903-16",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://security.gentoo.org/glsa/201903-16",
               },
               {
                  name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
               },
               {
                  name: "FEDORA-2019-0f4190cdb0",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
               },
               {
                  name: "openSUSE-SU-2019:1602",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
               },
               {
                  name: "RHSA-2019:3702",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2019:3702",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2019-01-31T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-12-13T00:00:00",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "DSA-4387",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://www.debian.org/security/2019/dsa-4387",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
            },
            {
               url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
            },
            {
               name: "USN-3885-1",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://usn.ubuntu.com/3885-1/",
            },
            {
               url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
            },
            {
               url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
            },
            {
               name: "GLSA-201903-16",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://security.gentoo.org/glsa/201903-16",
            },
            {
               name: "[debian-lts-announce] 20190325 [SECURITY] [DLA 1728-1] openssh security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
            },
            {
               name: "FEDORA-2019-0f4190cdb0",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3YVQ2BPTOVDCFDVNC2GGF5P5ISFG37G/",
            },
            {
               name: "openSUSE-SU-2019:1602",
               tags: [
                  "vendor-advisory",
               ],
               url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
            },
            {
               url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
            },
            {
               name: "RHSA-2019:3702",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://access.redhat.com/errata/RHSA-2019:3702",
            },
            {
               url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2019-6109",
      datePublished: "2019-01-31T00:00:00",
      dateReserved: "2019-01-10T00:00:00",
      dateUpdated: "2024-08-04T20:16:24.501Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-28864
Vulnerability from cvelistv5
Published
2020-11-23 18:12
Modified
2024-08-04 16:40
Severity ?
Summary
Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T16:40:59.949Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://winscp.net/forum/viewtopic.php?t=30085",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://winscp.net/tracker/1924",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-11-23T18:12:08",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://winscp.net/forum/viewtopic.php?t=30085",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://winscp.net/tracker/1924",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2020-28864",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://winscp.net/forum/viewtopic.php?t=30085",
                     refsource: "MISC",
                     url: "https://winscp.net/forum/viewtopic.php?t=30085",
                  },
                  {
                     name: "https://winscp.net/tracker/1924",
                     refsource: "MISC",
                     url: "https://winscp.net/tracker/1924",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2020-28864",
      datePublished: "2020-11-23T18:12:08",
      dateReserved: "2020-11-16T00:00:00",
      dateUpdated: "2024-08-04T16:40:59.949Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2002-1360
Vulnerability from cvelistv5
Published
2002-12-17 05:00
Modified
2024-08-08 03:19
Severity ?
Summary
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.
References
http://securitytracker.com/id?1005812vdb-entry, x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797vdb-entry, signature, x_refsource_OVAL
http://www.cert.org/advisories/CA-2002-36.htmlthird-party-advisory, x_refsource_CERT
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.htmlmailing-list, x_refsource_VULNWATCH
http://securitytracker.com/id?1005813vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T03:19:28.662Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "1005812",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1005812",
               },
               {
                  name: "oval:org.mitre.oval:def:5797",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797",
               },
               {
                  name: "CA-2002-36",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_CERT",
                     "x_transferred",
                  ],
                  url: "http://www.cert.org/advisories/CA-2002-36.html",
               },
               {
                  name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
                  tags: [
                     "mailing-list",
                     "x_refsource_VULNWATCH",
                     "x_transferred",
                  ],
                  url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
               },
               {
                  name: "1005813",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://securitytracker.com/id?1005813",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2002-12-16T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-10-10T00:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "1005812",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1005812",
            },
            {
               name: "oval:org.mitre.oval:def:5797",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797",
            },
            {
               name: "CA-2002-36",
               tags: [
                  "third-party-advisory",
                  "x_refsource_CERT",
               ],
               url: "http://www.cert.org/advisories/CA-2002-36.html",
            },
            {
               name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
               tags: [
                  "mailing-list",
                  "x_refsource_VULNWATCH",
               ],
               url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
            },
            {
               name: "1005813",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://securitytracker.com/id?1005813",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2002-1360",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "1005812",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1005812",
                  },
                  {
                     name: "oval:org.mitre.oval:def:5797",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797",
                  },
                  {
                     name: "CA-2002-36",
                     refsource: "CERT",
                     url: "http://www.cert.org/advisories/CA-2002-36.html",
                  },
                  {
                     name: "20021216 R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors",
                     refsource: "VULNWATCH",
                     url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
                  },
                  {
                     name: "1005813",
                     refsource: "SECTRACK",
                     url: "http://securitytracker.com/id?1005813",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2002-1360",
      datePublished: "2002-12-17T05:00:00",
      dateReserved: "2002-12-14T00:00:00",
      dateUpdated: "2024-08-08T03:19:28.662Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

var-200212-0625
Vulnerability from variot

Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the “Overview” for the impact of this vulnerability. A vulnerability has been reported for multiple SSH2 vendors. The vulnerability is a result of SSH2 packets containing empty elements/multiple separators. The vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations

Original issue date: December 16, 2002 Last revised: -- Source: CERT/CC

A complete revision history is at the end of this file.

I. It provides strong encryption, cryptographic host authentication, and integrity protection.... These vulnerabilities include buffer overflows, and they occur before any user authentication takes place. SSHredder was primarily designed to test key exchange and other processes that are specific to version 2 of the SSH protocol; however, certain classes of tests are also applicable to version 1.

Rapid7 has published a detailed advisory (R7-0009) and the SSHredder test suite.

Common Vulnerabilities and Exposures (CVE) has assigned the following candidate numbers for several classes of tests performed by SSHredder:

 * CAN-2002-1357 - incorrect field lengths
 * CAN-2002-1358 - lists with empty elements or multiple separators
 * CAN-2002-1359 - "classic" buffer overflows
 * CAN-2002-1360 - null characters in strings

II. On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges.

III. Solution

Apply a patch or upgrade

Apply the appropriate patch or upgrade as specified by your vendor. See Appendix A below and the Systems Affected section of VU#389665 for specific information.

Restrict access

Limit access to SSH servers to trusted hosts and networks using firewalls or other packet-filtering systems. Some SSH servers may have the ability to restrict access based on IP addresses, or similar effects may be achieved by using TCP wrappers or other related technology.

SSH clients can reduce the risk of attacks by only connecting to trusted servers by IP address.

While these workarounds will not prevent exploitation of these vulnerabilities, they will make attacks somewhat more difficult, in part by limiting the number of potential sources of attacks.

Appendix A. Vendor Information

This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments. The Systems Affected section of VU#389665 contains additional vendor status information.

Cisco Systems, Inc.

 The   official   statement  regarding  this  is  that  we  are  not
 vulnerable.

Cray Inc.

 Cray  Inc.  supports  the  OpenSSH  product through their Cray Open
 Software  (COS)  package.  COS  3.3,  available the end of December
 2002,  is  not vulnerable. If a site is concerned, they can contact
 their  local  Cray  representive  to  obtain  an  early copy of the
 OpenSSH contained in COS 3.3.

F-Secure

 F-Secure  SSH products are not exploitable via these attacks. While
 F-Secure  SSH  versions  3.1.0  build 11 and earlier crash on these
 malicious  packets,  we  did  not find ways to exploit this to gain
 unauthorized  access  or  to  run  arbitrary code. Furthermore, the
 crash  occurs  in a forked process so the denial of service attacks
 are not possible.

Fujitsu

 Fujitsu's  UXP/V  OS  is not vulnerable because it does not support
 SSH.

IBM

 IBM's  AIX  is  not  vulnerabible  to  the issues discussed in CERT
 Vulnerability Note VU#389665.

lsh

 I've now tried the testsuite with the latest stable release of lsh,
 lsh-1.4.2. Both the client and the server seem NOT VULNERABLE.

NetScreen Technologies Inc.

 Tested latest versions. Not Vulnerable.

OpenSSH

 From  my testing it seems that the current version of OpenSSH (3.5)
 is not vulnerable to these problems, and some limited testing shows
 that no version of OpenSSH is vulnerable.

Pragma Systems, Inc.

 December 16, 2002

 Rapid 7 and CERT Coordination Center Vulnerability report VU#389665

 Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a
 possible  vulnerability  with  Version  2.0  of Pragma SecureShell. 
 Pragma  Systems  tested Pragma SecureShell 2.0 and the upcoming new
 Version  3.0,  and found that the attacks did cause a memory access
 protection fault on Microsoft platforms.

 After   research,   Pragma   Systems  corrected  the  problem.

 The  problem  is  corrected  in Pragma SecureShell Version 3.0. Any
 customers  with concerns regarding this vulnerability report should
 contact   Pragma   Systems,   Inc   at   support@pragmasys.com  for
 information  on  obtaining  an upgrade free of charge. Pragma's web
 site is located at www.pragmasys.com and the company can be reached
 at 1-512-219-7270.

PuTTY

 PuTTY 0.53b addresses vulnerabilities discovered by SSHredder.

Appendix B. References

 * CERT/CC Vulnerability Note: VU#389665 -
   http://www.kb.cert.org/vuls/id/389665
 * Rapid 7 Advisory: R7-0009 -
   http://www.rapid7.com/advisories/R7-0009.txt
 * Rapid 7 SSHredder test suite -
   http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666
 * IETF     Draft:     SSH     Transport     Layer     Protocol     -
   http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. 
   txt
 * IETF Draft: SSH Protocol Architecture -
   http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-
   13.txt
 * Privilege Separated OpenSSH -
   http://www.citi.umich.edu/u/provos/ssh/privsep.html

 _________________________________________________________________

The CERT Coordination Center thanks Rapid7 for researching and reporting these vulnerabilities. ___________

Author: Art Manion.

This document is available from: http://www.cert.org/advisories/CA-2002-36.html

CERT/CC Contact Information

Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site http://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message

subscribe cert-advisory

  • "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.

NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________

Conditions for use, disclaimers, and sponsorship information

Copyright 2002 Carnegie Mellon University.

Revision History

December 16, 2002: Initial release

-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8

iQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/ PlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd yIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3 xazIo8XEipc= =Nj+0 -----END PGP SIGNATURE-----

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200212-0625",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "ios",
            scope: "eq",
            trust: 2.7,
            vendor: "cisco",
            version: "12.2",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 1.6,
            vendor: "winscp",
            version: "2.0.0",
         },
         {
            model: "shellguard ssh",
            scope: "eq",
            trust: 1.6,
            vendor: "netcomposite",
            version: "3.4.6",
         },
         {
            model: "securenetterm",
            scope: "eq",
            trust: 1.6,
            vendor: "intersoft",
            version: "5.4.1",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.2s",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.2t",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.0st",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.1e",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.1t",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.1ea",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.0s",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1,
            vendor: "putty",
            version: "0.53",
         },
         {
            model: "ssh client",
            scope: "eq",
            trust: 1,
            vendor: "fissh",
            version: "1.0a_for_windows",
         },
         {
            model: "secureshell",
            scope: "eq",
            trust: 1,
            vendor: "pragma",
            version: "2.0",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1,
            vendor: "putty",
            version: "0.49",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1,
            vendor: "putty",
            version: "0.48",
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "alcatel",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "cisco",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "f secure",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "hewlett packard",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "intersoft",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "juniper",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "nortel",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "pragma",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "putty",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "riverstone",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "ssh security",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "winscp",
            version: null,
         },
         {
            model: "f-secure ssh",
            scope: "lte",
            trust: 0.8,
            vendor: "f secure",
            version: "3.1.0",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "12.0",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "12.1",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.0",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.1",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.2",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.3",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.53",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.49",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.48",
         },
         {
            model: "systems secureshell",
            scope: "eq",
            trust: 0.6,
            vendor: "pragma",
            version: "2.0",
         },
         {
            model: "ssh client for windows a",
            scope: "eq",
            trust: 0.6,
            vendor: "fissh",
            version: "1.0",
         },
         {
            model: "tatham putty b",
            scope: "ne",
            trust: 0.6,
            vendor: "simon",
            version: "0.53",
         },
         {
            model: "systems secureshell",
            scope: "ne",
            trust: 0.6,
            vendor: "pragma",
            version: "3.0",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.5",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.4",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.4",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.3",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.3",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2.3",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2.2",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.1",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.1",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.2",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.2",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.1",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.1",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0",
         },
         {
            model: "lsh",
            scope: "ne",
            trust: 0.6,
            vendor: "lsh",
            version: "1.5",
         },
         {
            model: "securenetterm",
            scope: "ne",
            trust: 0.6,
            vendor: "intersoft",
            version: "5.4.2",
         },
         {
            model: "winsshd",
            scope: "ne",
            trust: 0.6,
            vendor: "bitvise",
            version: "3.5",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.3(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.0",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.6(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.6(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.5",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(3)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(2)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(2)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.4",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.3",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.2",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.1",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "2.3(5)",
         },
         {
            model: "ons 15454e optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.14",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.6(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.6(0)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.5",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(3)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(2)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(0)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0(2)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.4",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.3",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.2.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.1.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154542.3(5)",
         },
         {
            model: "ons ios-based blades",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "15454",
         },
         {
            model: "ons metro edge optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "15327",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.14",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.6(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.6(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(3)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(2)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0(2)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.4",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.3",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.2",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.1",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.0",
         },
         {
            model: "ios 12.2t",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.2s",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1t",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1ea",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1e",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0st",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0s",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "securecrt",
            scope: "ne",
            trust: 0.3,
            vendor: "vandyke",
            version: "3.4.3",
         },
         {
            model: "vshell",
            scope: "ne",
            trust: 0.3,
            vendor: "van dyke",
            version: "1.2",
         },
         {
            model: "ttssh",
            scope: "ne",
            trust: 0.3,
            vendor: "ttssh",
            version: "1.5.4",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "BID",
            id: "6408",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000323",
         },
         {
            db: "NVD",
            id: "CVE-2002-1358",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-047",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2002-1358",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Rapid 7 Security Advisories※ advisory@rapid7.com",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200212-047",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2002-1358",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: true,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2002-1358",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "VHN-5743",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2002-1358",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#389665",
                  trust: 0.8,
                  value: "11.04",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200212-047",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULHUB",
                  id: "VHN-5743",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5743",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000323",
         },
         {
            db: "NVD",
            id: "CVE-2002-1358",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-047",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization.  Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the “Overview” for the impact of this vulnerability. A vulnerability has been reported for multiple SSH2 vendors. The vulnerability is a result of SSH2 packets containing empty elements/multiple separators. \nThe vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. \nFurther details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\n\nCERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations\n\n   Original issue date: December 16, 2002\n   Last revised: --\n   Source: CERT/CC\n\n   A complete revision history is at the end of this file. \n\n\nI. \n     It  provides  strong encryption, cryptographic host authentication,\n     and  integrity  protection.... These vulnerabilities include buffer\n   overflows,  and they occur before any user authentication takes place. \n   SSHredder  was  primarily  designed  to  test  key  exchange and other\n   processes that are specific to version 2 of the SSH protocol; however,\n   certain classes of tests are also applicable to version 1. \n\n   Rapid7  has  published a detailed advisory (R7-0009) and the SSHredder\n   test suite. \n\n   Common  Vulnerabilities and Exposures (CVE) has assigned the following\n   candidate numbers for several classes of tests performed by SSHredder:\n\n     * CAN-2002-1357 - incorrect field lengths\n     * CAN-2002-1358 - lists with empty elements or multiple separators\n     * CAN-2002-1359 - \"classic\" buffer overflows\n     * CAN-2002-1360 - null characters in strings\n\n\nII. On\n   Microsoft  Windows  systems,  SSH  servers  commonly  run  with SYSTEM\n   privileges,  and  on UNIX systems, SSH daemons typically run with root\n   privileges. \n\n\nIII. Solution\n\nApply a patch or upgrade\n\n   Apply  the  appropriate  patch or upgrade as specified by your vendor. \n   See Appendix A below and the Systems Affected section of VU#389665 for\n   specific information. \n\nRestrict access\n\n   Limit  access  to  SSH  servers  to  trusted  hosts and networks using\n   firewalls or other packet-filtering systems. Some SSH servers may have\n   the  ability  to  restrict  access  based  on IP addresses, or similar\n   effects  may  be  achieved  by  using  TCP  wrappers  or other related\n   technology. \n\n   SSH  clients  can  reduce  the  risk  of attacks by only connecting to\n   trusted servers by IP address. \n\n   While  these  workarounds  will  not  prevent  exploitation  of  these\n   vulnerabilities,  they  will  make attacks somewhat more difficult, in\n   part by limiting the number of potential sources of attacks. \n\n\nAppendix A. Vendor Information\n\n   This  appendix  contains information provided by vendors. When vendors\n   report  new  information,  this section is updated and the changes are\n   noted  in  the  revision  history. If a vendor is not listed below, we\n   have  not  received  their  comments.  The Systems Affected section of\n   VU#389665 contains additional vendor status information. \n\nCisco Systems, Inc. \n\n     The   official   statement  regarding  this  is  that  we  are  not\n     vulnerable. \n\nCray Inc. \n\n     Cray  Inc.  supports  the  OpenSSH  product through their Cray Open\n     Software  (COS)  package.  COS  3.3,  available the end of December\n     2002,  is  not vulnerable. If a site is concerned, they can contact\n     their  local  Cray  representive  to  obtain  an  early copy of the\n     OpenSSH contained in COS 3.3. \n\nF-Secure\n\n     F-Secure  SSH products are not exploitable via these attacks. While\n     F-Secure  SSH  versions  3.1.0  build 11 and earlier crash on these\n     malicious  packets,  we  did  not find ways to exploit this to gain\n     unauthorized  access  or  to  run  arbitrary code. Furthermore, the\n     crash  occurs  in a forked process so the denial of service attacks\n     are not possible. \n\nFujitsu\n\n     Fujitsu's  UXP/V  OS  is not vulnerable because it does not support\n     SSH. \n\nIBM\n\n     IBM's  AIX  is  not  vulnerabible  to  the issues discussed in CERT\n     Vulnerability Note VU#389665. \n\nlsh\n\n     I've now tried the testsuite with the latest stable release of lsh,\n     lsh-1.4.2. Both the client and the server seem NOT VULNERABLE. \n\nNetScreen Technologies Inc. \n\n     Tested latest versions. Not Vulnerable. \n\nOpenSSH\n\n     From  my testing it seems that the current version of OpenSSH (3.5)\n     is not vulnerable to these problems, and some limited testing shows\n     that no version of OpenSSH is vulnerable. \n\nPragma Systems, Inc. \n\n     December 16, 2002\n\n     Rapid 7 and CERT Coordination Center Vulnerability report VU#389665\n\n     Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a\n     possible  vulnerability  with  Version  2.0  of Pragma SecureShell. \n     Pragma  Systems  tested Pragma SecureShell 2.0 and the upcoming new\n     Version  3.0,  and found that the attacks did cause a memory access\n     protection fault on Microsoft platforms. \n\n     After   research,   Pragma   Systems  corrected  the  problem. \n\n     The  problem  is  corrected  in Pragma SecureShell Version 3.0. Any\n     customers  with concerns regarding this vulnerability report should\n     contact   Pragma   Systems,   Inc   at   support@pragmasys.com  for\n     information  on  obtaining  an upgrade free of charge. Pragma's web\n     site is located at www.pragmasys.com and the company can be reached\n     at 1-512-219-7270. \n\nPuTTY\n\n     PuTTY 0.53b addresses vulnerabilities discovered by SSHredder. \n\n\nAppendix B. References\n\n     * CERT/CC Vulnerability Note: VU#389665 -\n       http://www.kb.cert.org/vuls/id/389665\n     * Rapid 7 Advisory: R7-0009 -\n       http://www.rapid7.com/advisories/R7-0009.txt\n     * Rapid 7 SSHredder test suite -\n       http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666\n     * IETF     Draft:     SSH     Transport     Layer     Protocol     -\n       http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. \n       txt\n     * IETF Draft: SSH Protocol Architecture -\n       http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-\n       13.txt\n     * Privilege Separated OpenSSH -\n       http://www.citi.umich.edu/u/provos/ssh/privsep.html\n\n     _________________________________________________________________\n\n   The  CERT  Coordination  Center  thanks  Rapid7  for  researching  and\n   reporting these vulnerabilities. \n     _________________________________________________________________\n\n   Author: Art Manion. \n   ______________________________________________________________________\n\n   This document is available from:\n   http://www.cert.org/advisories/CA-2002-36.html\n   ______________________________________________________________________\n\n\nCERT/CC Contact Information\n\n   Email: cert@cert.org\n          Phone: +1 412-268-7090 (24-hour hotline)\n          Fax: +1 412-268-6989\n          Postal address:\n          CERT Coordination Center\n          Software Engineering Institute\n          Carnegie Mellon University\n          Pittsburgh PA 15213-3890\n          U.S.A. \n\n   CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /\n   EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies\n   during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n   We  strongly  urge you to encrypt sensitive information sent by email. \n   Our public PGP key is available from\n   http://www.cert.org/CERT_PGP.key\n\n   If  you  prefer  to  use  DES,  please  call the CERT hotline for more\n   information. \n\nGetting security information\n\n   CERT  publications  and  other security information are available from\n   our web site\n   http://www.cert.org/\n\n   To  subscribe  to  the CERT mailing list for advisories and bulletins,\n   send  email  to majordomo@cert.org. Please include in the body of your\n   message\n\n   subscribe cert-advisory\n\n   *  \"CERT\"  and  \"CERT  Coordination Center\" are registered in the U.S. \n   Patent and Trademark Office. \n   ______________________________________________________________________\n\n   NO WARRANTY\n   Any  material furnished by Carnegie Mellon University and the Software\n   Engineering  Institute  is  furnished  on  an  \"as is\" basis. Carnegie\n   Mellon University makes no warranties of any kind, either expressed or\n   implied  as  to  any matter including, but not limited to, warranty of\n   fitness  for  a  particular purpose or merchantability, exclusivity or\n   results  obtained from use of the material. Carnegie Mellon University\n   does  not  make  any warranty of any kind with respect to freedom from\n   patent, trademark, or copyright infringement. \n     _________________________________________________________________\n\n   Conditions for use, disclaimers, and sponsorship information\n\n   Copyright 2002 Carnegie Mellon University. \n\n   Revision History\n\n   December 16, 2002: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/\nPlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd\nyIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3\nxazIo8XEipc=\n=Nj+0\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2002-1358",
         },
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000323",
         },
         {
            db: "BID",
            id: "6408",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "VULHUB",
            id: "VHN-5743",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
      ],
      trust: 3.06,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2002-1358",
            trust: 2.8,
         },
         {
            db: "CERT/CC",
            id: "VU#389665",
            trust: 1.7,
         },
         {
            db: "SECTRACK",
            id: "1005813",
            trust: 1.7,
         },
         {
            db: "SECTRACK",
            id: "1005812",
            trust: 1.7,
         },
         {
            db: "BID",
            id: "6408",
            trust: 1.2,
         },
         {
            db: "BID",
            id: "6397",
            trust: 1.1,
         },
         {
            db: "BID",
            id: "6407",
            trust: 0.8,
         },
         {
            db: "BID",
            id: "6410",
            trust: 0.8,
         },
         {
            db: "BID",
            id: "6405",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000323",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-047",
            trust: 0.7,
         },
         {
            db: "OVAL",
            id: "OVAL:ORG.MITRE.OVAL:DEF:5721",
            trust: 0.6,
         },
         {
            db: "CERT/CC",
            id: "CA-2002-36",
            trust: 0.6,
         },
         {
            db: "VULNWATCH",
            id: "20021216 R7-0009: VULNERABILITIES IN SSH2 IMPLEMENTATIONS FROM MULTIPLE VENDORS",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-5743",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "30625",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5743",
         },
         {
            db: "BID",
            id: "6408",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000323",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1358",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-047",
         },
      ],
   },
   id: "VAR-200212-0625",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-5743",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:13:58.008000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "ssh-packet-suite-vuln",
            trust: 0.8,
            url: "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml",
         },
         {
            title: "2003120403",
            trust: 0.8,
            url: "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120403.shtml",
         },
         {
            title: "303",
            trust: 0.8,
            url: "http://www.ssh.com/company/newsroom/article/303/",
         },
         {
            title: "ssh-packet-suite-vuln",
            trust: 0.8,
            url: "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/ssh-packet-suite-vuln-j.shtml",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2002-000323",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-20",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-5743",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000323",
         },
         {
            db: "NVD",
            id: "CVE-2002-1358",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.2,
            url: "http://www.cert.org/advisories/ca-2002-36.html",
         },
         {
            trust: 1.7,
            url: "http://securitytracker.com/id?1005812",
         },
         {
            trust: 1.7,
            url: "http://securitytracker.com/id?1005813",
         },
         {
            trust: 1.7,
            url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
         },
         {
            trust: 1.1,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5721",
         },
         {
            trust: 0.9,
            url: "http://www.rapid7.com/advisories/r7-0009.txt",
         },
         {
            trust: 0.9,
            url: "http://www.rapid7.com/perl/downloadrequest.pl?packagechoice=666",
         },
         {
            trust: 0.9,
            url: "http://www.citi.umich.edu/u/provos/ssh/privsep.html",
         },
         {
            trust: 0.9,
            url: "http://www.kb.cert.org/vuls/id/389665",
         },
         {
            trust: 0.8,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt",
         },
         {
            trust: 0.8,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt",
         },
         {
            trust: 0.8,
            url: "http://www.ciac.org/ciac/bulletins/n-028.shtml",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1358",
         },
         {
            trust: 0.8,
            url: "http://www.jpcert.or.jp/wr/2002/wr025001.txt",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnca-2002-36",
         },
         {
            trust: 0.8,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1358",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6407",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6405",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6408",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6397",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6410",
         },
         {
            trust: 0.6,
            url: "http://www.f-secure.com/",
         },
         {
            trust: 0.6,
            url: "http://www.ssh.com",
         },
         {
            trust: 0.6,
            url: "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5721",
         },
         {
            trust: 0.3,
            url: "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml",
         },
         {
            trust: 0.3,
            url: "/archive/1/305241",
         },
         {
            trust: 0.1,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.",
         },
         {
            trust: 0.1,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-",
         },
         {
            trust: 0.1,
            url: "http://www.cert.org/",
         },
         {
            trust: 0.1,
            url: "http://www.cert.org/cert_pgp.key",
         },
         {
            trust: 0.1,
            url: "https://www.pragmasys.com",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5743",
         },
         {
            db: "BID",
            id: "6408",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000323",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1358",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-047",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5743",
         },
         {
            db: "BID",
            id: "6408",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000323",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1358",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-047",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2002-12-16T00:00:00",
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            date: "2002-12-23T00:00:00",
            db: "VULHUB",
            id: "VHN-5743",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6408",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6397",
         },
         {
            date: "2007-04-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2002-000323",
         },
         {
            date: "2002-12-21T10:23:09",
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            date: "2002-12-23T05:00:00",
            db: "NVD",
            id: "CVE-2002-1358",
         },
         {
            date: "2002-12-23T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200212-047",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2003-06-18T00:00:00",
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            date: "2017-10-11T00:00:00",
            db: "VULHUB",
            id: "VHN-5743",
         },
         {
            date: "2009-07-11T19:16:00",
            db: "BID",
            id: "6408",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6397",
         },
         {
            date: "2007-04-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2002-000323",
         },
         {
            date: "2017-10-11T01:29:03.683000",
            db: "NVD",
            id: "CVE-2002-1358",
         },
         {
            date: "2009-03-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200212-047",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-047",
         },
      ],
      trust: 0.7,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vendors' SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization",
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200212-047",
         },
      ],
      trust: 0.6,
   },
}

var-201901-1500
Vulnerability from variot

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. OpenSSH Contains an access control vulnerability.Information may be tampered with. OpenSSH is prone to an access-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. OpenSSH version 7.9 is vulnerable. ========================================================================== Ubuntu Security Notice USN-3885-1 February 07, 2019

openssh vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in OpenSSH.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: openssh-client 1:7.7p1-4ubuntu0.2

Ubuntu 18.04 LTS: openssh-client 1:7.6p1-4ubuntu0.2

Ubuntu 16.04 LTS: openssh-client 1:7.2p2-4ubuntu2.7

Ubuntu 14.04 LTS: openssh-client 1:6.6p1-2ubuntu2.12

In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSH: Multiple vulnerabilities Date: March 20, 2019 Bugs: #675520, #675522 ID: 201903-16

Synopsis

Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/openssh < 7.9_p1-r4 >= 7.9_p1-r4

Description

Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSH users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.9_p1-r4"

References

[ 1 ] CVE-2018-20685 https://nvd.nist.gov/vuln/detail/CVE-2018-20685 [ 2 ] CVE-2019-6109 https://nvd.nist.gov/vuln/detail/CVE-2019-6109 [ 3 ] CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 [ 4 ] CVE-2019-6111 https://nvd.nist.gov/vuln/detail/CVE-2019-6111

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201903-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2019:3702-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3702 Issue date: 2019-11-05 CVE Names: CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 =====================================================================

  1. Summary:

An update for openssh is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

  1. Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

The following packages have been upgraded to a later upstream version: openssh (8.0p1).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. 1686065 - SSH connections get closed when time-based rekeyring is used and ClientAliveMaxCount=0 1691045 - Rebase OpenSSH to latest release (8.0p1?) 1707485 - Use high-level API to do signatures 1712436 - MD5 is used when writing password protected PEM 1732424 - ssh-keygen -A fails in FIPS mode because of DSA key 1732449 - rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite being in the policy

  1. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64: openssh-askpass-8.0p1-3.el8.aarch64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debugsource-8.0p1-3.el8.aarch64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm

ppc64le: openssh-askpass-8.0p1-3.el8.ppc64le.rpm openssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debugsource-8.0p1-3.el8.ppc64le.rpm openssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm

s390x: openssh-askpass-8.0p1-3.el8.s390x.rpm openssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm openssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm openssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debugsource-8.0p1-3.el8.s390x.rpm openssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm openssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm openssh-server-debuginfo-8.0p1-3.el8.s390x.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm

x86_64: openssh-askpass-8.0p1-3.el8.x86_64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debugsource-8.0p1-3.el8.x86_64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source: openssh-8.0p1-3.el8.src.rpm

aarch64: openssh-8.0p1-3.el8.aarch64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-cavs-8.0p1-3.el8.aarch64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-clients-8.0p1-3.el8.aarch64.rpm openssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debugsource-8.0p1-3.el8.aarch64.rpm openssh-keycat-8.0p1-3.el8.aarch64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-ldap-8.0p1-3.el8.aarch64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-server-8.0p1-3.el8.aarch64.rpm openssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.aarch64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm

ppc64le: openssh-8.0p1-3.el8.ppc64le.rpm openssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-cavs-8.0p1-3.el8.ppc64le.rpm openssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-clients-8.0p1-3.el8.ppc64le.rpm openssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debugsource-8.0p1-3.el8.ppc64le.rpm openssh-keycat-8.0p1-3.el8.ppc64le.rpm openssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-ldap-8.0p1-3.el8.ppc64le.rpm openssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-server-8.0p1-3.el8.ppc64le.rpm openssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.ppc64le.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm

s390x: openssh-8.0p1-3.el8.s390x.rpm openssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm openssh-cavs-8.0p1-3.el8.s390x.rpm openssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm openssh-clients-8.0p1-3.el8.s390x.rpm openssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debugsource-8.0p1-3.el8.s390x.rpm openssh-keycat-8.0p1-3.el8.s390x.rpm openssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm openssh-ldap-8.0p1-3.el8.s390x.rpm openssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm openssh-server-8.0p1-3.el8.s390x.rpm openssh-server-debuginfo-8.0p1-3.el8.s390x.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.s390x.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm

x86_64: openssh-8.0p1-3.el8.x86_64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-cavs-8.0p1-3.el8.x86_64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-clients-8.0p1-3.el8.x86_64.rpm openssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debugsource-8.0p1-3.el8.x86_64.rpm openssh-keycat-8.0p1-3.el8.x86_64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-ldap-8.0p1-3.el8.x86_64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-server-8.0p1-3.el8.x86_64.rpm openssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-20685 https://access.redhat.com/security/cve/CVE-2019-6109 https://access.redhat.com/security/cve/CVE-2019-6111 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXcHzKNzjgjWX9erEAQiytQ/6Apphov2V0QmnXA+KO3ZZKBPXtgKv8Sv1 dPtXhTC+Keq4yX9/bXlIuyk6BUsMeaiIMlL5bSSKtq2I7rVxwubTcPX4rD+pQvx8 ArNJgn7U2/3xqwc0R8dNXx6o8vB1M6jXDtu8fKJOxW48evDJf6gE4gX2KUM9yxR2 MhCoHVkLp9a5f0T11yFPI11H0P8gXXQgboAkdt82Ui35T4tD8RndVyPCsllN2c/X QCCbvZ9e8OLJJoxsOryLcw8tpQHXK2AJMXWv0Us99kQtbaBULWWahhrg/tftLxtT pILFBaB/RsmGg1O6OkxJ2CuKl6ATC2Wlj/Z7uYPrS7MQDn+fXkH2gfcjb4Z4rqIL IyKbUpsyFEAaV5rJUeRaS7dGfuQldQbS96P8lUpCcOXPbYD8FgTrW2q3NjOKgYMU +gh2xPwmlRm+iYfmedPoR2+bTWNYv8JS+Cp/fZF4IFx2EJPQcxKLYshNKgcfkNkR rIZ4brUI79p84H01TcTh4mFAbR63Y+c36UAI3/fM/W/RkZn/PdoJtpfwg/tjOYZH rt9kL7SfAEhjHNtBuJGNol6e124srS6300hnfFovAr6llDOcYlrh3ZgVZjVrn6E8 TZhyZ84TGMOqykfH7B9XkJH82X+x3rd2m0ovCPq+Ly62BasdXVd0C2snzbx8OAM8 I+am8dhVlyM= =iPw4 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . scp client multiple vulnerabilities =================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

Overview

SCP clients from multiple vendors are susceptible to a malicious scp server performing unauthorized changes to target directory and/or client output manipulation.

Description

Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. Finally, two vulnerabilities in clients may allow server to spoof the client output.

Details

The discovered vulnerabilities, described in more detail below, enables the attack described here in brief.

  1. The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases file to victim's home directory when the victim performs scp operation from the server. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example:

    user@local:~$ scp user@remote:readme.txt . readme.txt 100% 494 1.6KB/s 00:00 user@local:~$

  2. Once the victim launches a new shell, the malicious commands in .bash_aliases get executed.

*) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint.

Vulnerabilities

  1. CWE-20: scp client missing received object name validation [CVE-2019-6111]

Due to the scp implementation being derived from 1983 rcp [1], the server chooses which files/directories are sent to the client. However, scp client only perform cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example overwrite .ssh/authorized_keys).

The same vulnerability in WinSCP is known as CVE-2018-20684.

  1. CWE-451: scp client spoofing via object name [CVE-2019-6109]

Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred.

  1. CWE-451: scp client spoofing via stderr [CVE-2019-6110]

Due to accepting and displaying arbitrary stderr output from the scp server, a malicious server can manipulate the client output, for example to employ ANSI codes to hide additional files being transferred.

Proof-of-Concept

Proof of concept malicious scp server will be released at a later date.

Vulnerable versions

The following software packages have some or all vulnerabilities:

                ver      #1  #2  #3  #4

OpenSSH scp <=7.9 x x x x PuTTY PSCP ? - - x x WinSCP scp mode <=5.13 - x - -

Tectia SSH scpg3 is not affected since it exclusively uses sftp protocol.

Mitigation

  1. OpenSSH

1.1 Switch to sftp if possible

1.2 Alternatively apply the following patch to harden scp against most server-side manipulation attempts: https://sintonen.fi/advisories/scp-name-validator.patch

 NOTE: This patch may cause problems if the the remote and local shells don't
 agree on the way glob() pattern matching works. YMMV.
  1. PuTTY

2.1 No fix is available yet

  1. WinSCP

3.1. Upgrade to WinSCP 5.14 or later

Similar or prior work

  1. CVE-2000-0992 - scp overwrites arbitrary files

References

  1. https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access

Credits

The vulnerability was discovered by Harry Sintonen / F-Secure Corporation.

Timeline

2018.08.08 initial discovery of vulnerabilities #1 and #2 2018.08.09 reported vulnerabilities #1 and #2 to OpenSSH 2018.08.10 OpenSSH acknowledged the vulnerabilities 2018.08.14 discovered & reported vulnerability #3 to OpenSSH 2018.08.15 discovered & reported vulnerability #4 to OpenSSH 2018.08.30 reported PSCP vulnerabilities (#3 and #4) to PuTTY developers 2018.08.31 reported WinSCP vulnerability (#2) to WinSCP developers 2018.09.04 WinSCP developers reported the vulnerability #2 fixed 2018.11.12 requested a status update from OpenSSH 2018.11.16 OpenSSH fixed vulnerability #1 2019.01.07 requested a status update from OpenSSH 2019.01.08 requested CVE assignments from MITRE 2019.01.10 received CVE assignments from MITRE 2019.01.11 public disclosure of the advisory 2019.01.14 added a warning about the potential issues caused by the patch

. All the vulnerabilities are in found in the scp client implementing the SCP protocol. The check added in this version can lead to regression if the client and the server have differences in wildcard expansion rules. If the server is trusted for that purpose, the check can be disabled with a new -T option to the scp client.

For the stable distribution (stretch), these problems have been fixed in version 1:7.4p1-10+deb9u5.

For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlxe0w0ACgkQ3rYcyPpX RFs85AgA0GrSHO4Qf5FVsE3oXa+nMkZ4U6pbOA9dHotX54DEyNuIJrOsOv01cFxQ t2Z6uDkZptmHZT4uSWg2xIgMvpkGo9906ziZfHc0LTuHl8j++7cCDIDGZBm/iZaX ueQfl85gHDpte41JvUtpSBAwk1Bic7ltLUPDIGEiq6nQboxHIzsU7ULVb1l0wNxF sEFDPWGBS01HTa+QWgQaG/wbEhMRDcVz1Ck7dqpT2soQRohDWxU01j14q1EKe9O9 GHiWECvFSHBkkI/v8lNfSWnOWYa/+Aknri0CpjPc/bqh2Yx9rgp/Q5+FJ/FxJjmC bHFd+tbxB1LxEO96zKguYpPIzw7Kcw== =5Fd8 -----END PGP SIGNATURE-----

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201901-1500",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "solaris",
            scope: "eq",
            trust: 1.3,
            vendor: "oracle",
            version: "10",
         },
         {
            model: "enterprise linux server tus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.4",
         },
         {
            model: "m10-4",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.6",
         },
         {
            model: "winscp",
            scope: "lte",
            trust: 1,
            vendor: "winscp",
            version: "5.13",
         },
         {
            model: "steelstore cloud integrated storage",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.6",
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.2",
         },
         {
            model: "scalance x204rna eec",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "3.2.7",
         },
         {
            model: "m10-4s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.2",
         },
         {
            model: "m10-4",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "ontap select deploy",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "openssh",
            scope: "lte",
            trust: 1,
            vendor: "openbsd",
            version: "7.9",
         },
         {
            model: "m12-2",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "cloud backup",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "enterprise linux server tus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.6",
         },
         {
            model: "m10-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "element software",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "m10-4s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.10",
         },
         {
            model: "enterprise linux server tus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.2",
         },
         {
            model: "m12-2",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "scalance x204rna",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "3.2.7",
         },
         {
            model: "m12-2s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "m12-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "9.0",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.0",
         },
         {
            model: "m10-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "8.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "16.04",
         },
         {
            model: "storage automation store",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.4",
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.1",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.04",
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.4",
         },
         {
            model: "m12-2s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "m12-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "14.04",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "7.0",
         },
         {
            model: "ubuntu",
            scope: null,
            trust: 0.8,
            vendor: "canonical",
            version: null,
         },
         {
            model: "gnu/linux",
            scope: null,
            trust: 0.8,
            vendor: "debian",
            version: null,
         },
         {
            model: "element software",
            scope: null,
            trust: 0.8,
            vendor: "netapp",
            version: null,
         },
         {
            model: "cloud backup",
            scope: null,
            trust: 0.8,
            vendor: "netapp",
            version: null,
         },
         {
            model: "ontap select deploy administration utility",
            scope: null,
            trust: 0.8,
            vendor: "netapp",
            version: null,
         },
         {
            model: "steelstore cloud integrated storage",
            scope: null,
            trust: 0.8,
            vendor: "netapp",
            version: null,
         },
         {
            model: "storage automation store",
            scope: null,
            trust: 0.8,
            vendor: "netapp",
            version: null,
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.8,
            vendor: "openbsd",
            version: "7.9",
         },
         {
            model: "winscp",
            scope: null,
            trust: 0.8,
            vendor: "winscp",
            version: null,
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "7",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "7.9",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "5.1",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "5.0",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.4",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "106531",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-013957",
         },
         {
            db: "NVD",
            id: "CVE-2018-20685",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "7.9",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "5.13",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "3.2.7",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "3.2.7",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-20685",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Red Hat,Harry Sintonen,Gentoo",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201901-347",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2018-20685",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 2.6,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 4.9,
                  impactScore: 2.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "LOW",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "High",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 2.6,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2018-20685",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Low",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 1.6,
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.3,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2018-20685",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2018-20685",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201901-347",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2018-20685",
                  trust: 0.1,
                  value: "LOW",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2018-20685",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-013957",
         },
         {
            db: "NVD",
            id: "CVE-2018-20685",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-347",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. OpenSSH Contains an access control vulnerability.Information may be tampered with. OpenSSH is prone to an access-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. \nOpenSSH version 7.9 is vulnerable. ==========================================================================\nUbuntu Security Notice USN-3885-1\nFebruary 07, 2019\n\nopenssh vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in OpenSSH. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n  openssh-client                  1:7.7p1-4ubuntu0.2\n\nUbuntu 18.04 LTS:\n  openssh-client                  1:7.6p1-4ubuntu0.2\n\nUbuntu 16.04 LTS:\n  openssh-client                  1:7.2p2-4ubuntu2.7\n\nUbuntu 14.04 LTS:\n  openssh-client                  1:6.6p1-2ubuntu2.12\n\nIn general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201903-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSH: Multiple vulnerabilities\n     Date: March 20, 2019\n     Bugs: #675520, #675522\n       ID: 201903-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSH, the worst of which\ncould allow a remote attacker to gain unauthorized access. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/openssh           < 7.9_p1-r4              >= 7.9_p1-r4 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSH. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSH users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=net-misc/openssh-7.9_p1-r4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-20685\n      https://nvd.nist.gov/vuln/detail/CVE-2018-20685\n[ 2 ] CVE-2019-6109\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6109\n[ 3 ] CVE-2019-6110\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6110\n[ 4 ] CVE-2019-6111\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6111\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssh security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2019:3702-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:3702\nIssue date:        2019-11-05\nCVE Names:         CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 \n=====================================================================\n\n1. Summary:\n\nAn update for openssh is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSH is an SSH protocol implementation supported by a number of Linux,\nUNIX, and similar operating systems. It includes the core files necessary\nfor both the OpenSSH client and server. \n\nThe following packages have been upgraded to a later upstream version:\nopenssh (8.0p1). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the OpenSSH server daemon (sshd) will be\nrestarted automatically. \n1686065 - SSH connections get closed when time-based rekeyring is used and ClientAliveMaxCount=0\n1691045 - Rebase OpenSSH to latest release (8.0p1?)\n1707485 - Use high-level API to do signatures\n1712436 - MD5 is used when writing password protected PEM\n1732424 - ssh-keygen -A fails in FIPS mode because of DSA key\n1732449 - rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite being in the policy\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nopenssh-askpass-8.0p1-3.el8.aarch64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debugsource-8.0p1-3.el8.aarch64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm\n\nppc64le:\nopenssh-askpass-8.0p1-3.el8.ppc64le.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debugsource-8.0p1-3.el8.ppc64le.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm\n\ns390x:\nopenssh-askpass-8.0p1-3.el8.s390x.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debugsource-8.0p1-3.el8.s390x.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.s390x.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm\n\nx86_64:\nopenssh-askpass-8.0p1-3.el8.x86_64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debugsource-8.0p1-3.el8.x86_64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nopenssh-8.0p1-3.el8.src.rpm\n\naarch64:\nopenssh-8.0p1-3.el8.aarch64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-cavs-8.0p1-3.el8.aarch64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-clients-8.0p1-3.el8.aarch64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debugsource-8.0p1-3.el8.aarch64.rpm\nopenssh-keycat-8.0p1-3.el8.aarch64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-ldap-8.0p1-3.el8.aarch64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-server-8.0p1-3.el8.aarch64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.aarch64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm\n\nppc64le:\nopenssh-8.0p1-3.el8.ppc64le.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-cavs-8.0p1-3.el8.ppc64le.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-clients-8.0p1-3.el8.ppc64le.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debugsource-8.0p1-3.el8.ppc64le.rpm\nopenssh-keycat-8.0p1-3.el8.ppc64le.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-ldap-8.0p1-3.el8.ppc64le.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-server-8.0p1-3.el8.ppc64le.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.ppc64le.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm\n\ns390x:\nopenssh-8.0p1-3.el8.s390x.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-cavs-8.0p1-3.el8.s390x.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-clients-8.0p1-3.el8.s390x.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debugsource-8.0p1-3.el8.s390x.rpm\nopenssh-keycat-8.0p1-3.el8.s390x.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-ldap-8.0p1-3.el8.s390x.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-server-8.0p1-3.el8.s390x.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.s390x.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.s390x.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm\n\nx86_64:\nopenssh-8.0p1-3.el8.x86_64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-cavs-8.0p1-3.el8.x86_64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-clients-8.0p1-3.el8.x86_64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debugsource-8.0p1-3.el8.x86_64.rpm\nopenssh-keycat-8.0p1-3.el8.x86_64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-ldap-8.0p1-3.el8.x86_64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-server-8.0p1-3.el8.x86_64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20685\nhttps://access.redhat.com/security/cve/CVE-2019-6109\nhttps://access.redhat.com/security/cve/CVE-2019-6111\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzKNzjgjWX9erEAQiytQ/6Apphov2V0QmnXA+KO3ZZKBPXtgKv8Sv1\ndPtXhTC+Keq4yX9/bXlIuyk6BUsMeaiIMlL5bSSKtq2I7rVxwubTcPX4rD+pQvx8\nArNJgn7U2/3xqwc0R8dNXx6o8vB1M6jXDtu8fKJOxW48evDJf6gE4gX2KUM9yxR2\nMhCoHVkLp9a5f0T11yFPI11H0P8gXXQgboAkdt82Ui35T4tD8RndVyPCsllN2c/X\nQCCbvZ9e8OLJJoxsOryLcw8tpQHXK2AJMXWv0Us99kQtbaBULWWahhrg/tftLxtT\npILFBaB/RsmGg1O6OkxJ2CuKl6ATC2Wlj/Z7uYPrS7MQDn+fXkH2gfcjb4Z4rqIL\nIyKbUpsyFEAaV5rJUeRaS7dGfuQldQbS96P8lUpCcOXPbYD8FgTrW2q3NjOKgYMU\n+gh2xPwmlRm+iYfmedPoR2+bTWNYv8JS+Cp/fZF4IFx2EJPQcxKLYshNKgcfkNkR\nrIZ4brUI79p84H01TcTh4mFAbR63Y+c36UAI3/fM/W/RkZn/PdoJtpfwg/tjOYZH\nrt9kL7SfAEhjHNtBuJGNol6e124srS6300hnfFovAr6llDOcYlrh3ZgVZjVrn6E8\nTZhyZ84TGMOqykfH7B9XkJH82X+x3rd2m0ovCPq+Ly62BasdXVd0C2snzbx8OAM8\nI+am8dhVlyM=\n=iPw4\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. scp client multiple vulnerabilities\n===================================\nThe latest version of this advisory is available at:\nhttps://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt\n\n\nOverview\n--------\n\nSCP clients from multiple vendors are susceptible to a malicious scp server performing\nunauthorized changes to target directory and/or client output manipulation. \n\n\nDescription\n-----------\n\nMany scp clients fail to verify if the objects returned by the scp server match those\nit asked for. This issue dates back to 1983 and rcp, on which scp is based. \nFinally, two vulnerabilities in clients may allow server to spoof the client output. \n\n\nDetails\n-------\n\nThe discovered vulnerabilities, described in more detail below, enables the attack\ndescribed here in brief. \n\n1. The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases\n    file to victim's home directory when the victim performs scp operation from the\n    server. The transfer of extra files is hidden by sending ANSI control sequences\n    via stderr. For example:\n\n    user@local:~$ scp user@remote:readme.txt . \n    readme.txt                                         100%  494     1.6KB/s   00:00\n    user@local:~$\n\n2. Once the victim launches a new shell, the malicious commands in .bash_aliases get\n    executed. \n\n\n*) Man-in-the-Middle attack does require the victim to accept the wrong host\n    fingerprint. \n\n\nVulnerabilities\n---------------\n\n1. \n\n\n2. CWE-20: scp client missing received object name validation [CVE-2019-6111]\n\nDue to the scp implementation being derived from 1983 rcp [1], the server chooses which\nfiles/directories are sent to the client. However, scp client only perform cursory\nvalidation of the object name returned (only directory traversal attacks are prevented). \nA malicious scp server can overwrite arbitrary files in the scp client target directory. \nIf recursive operation (-r) is performed, the server can manipulate subdirectories\nas well (for example overwrite .ssh/authorized_keys). \n\nThe same vulnerability in WinSCP is known as CVE-2018-20684. \n\n\n3. CWE-451: scp client spoofing via object name [CVE-2019-6109]\n\nDue to missing character encoding in the progress display, the object name can be used\nto manipulate the client output, for example to employ ANSI codes to hide additional\nfiles being transferred. \n\n\n4. CWE-451: scp client spoofing via stderr [CVE-2019-6110]\n\nDue to accepting and displaying arbitrary stderr output from the scp server, a\nmalicious server can manipulate the client output, for example to employ ANSI codes\nto hide additional files being transferred. \n\n\nProof-of-Concept\n----------------\n\nProof of concept malicious scp server will be released at a later date. \n\n\nVulnerable versions\n-------------------\n\nThe following software packages have some or all vulnerabilities:\n\n                    ver      #1  #2  #3  #4\nOpenSSH scp        <=7.9    x   x   x   x\nPuTTY PSCP         ?        -   -   x   x\nWinSCP scp mode    <=5.13   -   x   -   -\n\nTectia SSH scpg3 is not affected since it exclusively uses sftp protocol. \n\n\nMitigation\n----------\n\n1. OpenSSH\n\n1.1 Switch to sftp if possible\n\n1.2 Alternatively apply the following patch to harden scp against most server-side\n     manipulation attempts: https://sintonen.fi/advisories/scp-name-validator.patch\n\n     NOTE: This patch may cause problems if the the remote and local shells don't\n     agree on the way glob() pattern matching works. YMMV. \n\n2. PuTTY\n\n2.1 No fix is available yet\n\n3. WinSCP\n\n3.1. Upgrade to WinSCP 5.14 or later\n\n\n\nSimilar or prior work\n---------------------\n\n1. CVE-2000-0992 - scp overwrites arbitrary files\n\n\nReferences\n----------\n\n1. https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access\n\n\nCredits\n-------\n\nThe vulnerability was discovered by Harry Sintonen / F-Secure Corporation. \n\n\nTimeline\n--------\n\n2018.08.08  initial discovery of vulnerabilities #1 and #2\n2018.08.09  reported vulnerabilities #1 and #2 to OpenSSH\n2018.08.10  OpenSSH acknowledged the vulnerabilities\n2018.08.14  discovered & reported vulnerability #3 to OpenSSH\n2018.08.15  discovered & reported vulnerability #4 to OpenSSH\n2018.08.30  reported PSCP vulnerabilities (#3 and #4) to PuTTY developers\n2018.08.31  reported WinSCP vulnerability (#2) to WinSCP developers\n2018.09.04  WinSCP developers reported the vulnerability #2 fixed\n2018.11.12  requested a status update from OpenSSH\n2018.11.16  OpenSSH fixed vulnerability #1\n2019.01.07  requested a status update from OpenSSH\n2019.01.08  requested CVE assignments from MITRE\n2019.01.10  received CVE assignments from MITRE\n2019.01.11  public disclosure of the advisory\n2019.01.14  added a warning about the potential issues caused by the patch\n\n\n. All the vulnerabilities\nare in found in the scp client implementing the SCP protocol. \n    The check added in this version can lead to regression if the client and\n    the server have differences in wildcard expansion rules. If the server is\n    trusted for that purpose, the check can be disabled with a new -T option to\n    the scp client. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:7.4p1-10+deb9u5. \n\nFor the detailed security status of openssh please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssh\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlxe0w0ACgkQ3rYcyPpX\nRFs85AgA0GrSHO4Qf5FVsE3oXa+nMkZ4U6pbOA9dHotX54DEyNuIJrOsOv01cFxQ\nt2Z6uDkZptmHZT4uSWg2xIgMvpkGo9906ziZfHc0LTuHl8j++7cCDIDGZBm/iZaX\nueQfl85gHDpte41JvUtpSBAwk1Bic7ltLUPDIGEiq6nQboxHIzsU7ULVb1l0wNxF\nsEFDPWGBS01HTa+QWgQaG/wbEhMRDcVz1Ck7dqpT2soQRohDWxU01j14q1EKe9O9\nGHiWECvFSHBkkI/v8lNfSWnOWYa/+Aknri0CpjPc/bqh2Yx9rgp/Q5+FJ/FxJjmC\nbHFd+tbxB1LxEO96zKguYpPIzw7Kcw==\n=5Fd8\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2018-20685",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-013957",
         },
         {
            db: "BID",
            id: "106531",
         },
         {
            db: "VULMON",
            id: "CVE-2018-20685",
         },
         {
            db: "PACKETSTORM",
            id: "151577",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "158639",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
      ],
      trust: 2.52,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2018-20685",
            trust: 3.4,
         },
         {
            db: "BID",
            id: "106531",
            trust: 2,
         },
         {
            db: "SIEMENS",
            id: "SSA-412672",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-013957",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "152154",
            trust: 0.7,
         },
         {
            db: "PACKETSTORM",
            id: "158639",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1280.2",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1410.2",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.5087",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1280",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.0410.3",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.3795",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1410",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.2671",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-347",
            trust: 0.6,
         },
         {
            db: "ICS CERT",
            id: "ICSA-22-349-21",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2018-20685",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "151577",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "155158",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "151175",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "151601",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2018-20685",
         },
         {
            db: "BID",
            id: "106531",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-013957",
         },
         {
            db: "PACKETSTORM",
            id: "151577",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "158639",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            db: "NVD",
            id: "CVE-2018-20685",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-347",
         },
      ],
   },
   id: "VAR-201901-1500",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.6178670799999999,
   },
   last_update_date: "2023-12-18T11:43:08.750000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "DSA-4387",
            trust: 0.8,
            url: "https://www.debian.org/security/2019/dsa-4387",
         },
         {
            title: "upstream: disallow empty incoming filename or ones that refer to the current directory",
            trust: 0.8,
            url: "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
         },
         {
            title: "NTAP-20190215-0001",
            trust: 0.8,
            url: "https://security.netapp.com/advisory/ntap-20190215-0001/",
         },
         {
            title: "Diff for /src/usr.bin/ssh/scp.c between version 1.197 and 1.198",
            trust: 0.8,
            url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
         },
         {
            title: "USN-3885-1",
            trust: 0.8,
            url: "https://usn.ubuntu.com/3885-1/",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "https://winscp.net/eng/index.php",
         },
         {
            title: "OpenSSH scp Repair measures for client security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=88522",
         },
         {
            title: "The Register",
            trust: 0.2,
            url: "https://www.theregister.co.uk/2019/01/15/scp_vulnerability/",
         },
         {
            title: "Red Hat: Moderate: openssh security, bug fix, and enhancement update",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20193702 - security advisory",
         },
         {
            title: "Ubuntu Security Notice: openssh vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-3885-1",
         },
         {
            title: "Debian CVElist Bug Report Logs: openssh-client: scp can send arbitrary control characters / escape sequences to the terminal (CVE-2019-6109)",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=dffe92fd93b8f745f5f15bc2f29dc935",
         },
         {
            title: "Arch Linux Issues: ",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=cve-2018-20685",
         },
         {
            title: "Arch Linux Advisories: [ASA-201904-11] openssh: multiple issues",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=asa-201904-11",
         },
         {
            title: "Debian CVElist Bug Report Logs: netkit-rsh: CVE-2019-7282 CVE-2019-7283",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a043554ad34dcb6b0dc285dc8ea3ce0d",
         },
         {
            title: "Debian CVElist Bug Report Logs: CVE-2019-6111 not fixed, file transfer of unwanted files by malicious SSH server still possible",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=74b791ca4fdf54c27d2b50ef6845ef8e",
         },
         {
            title: "Debian CVElist Bug Report Logs: openssh: CVE-2018-20685: scp.c in the scp client allows remote SSH servers to bypass intended access restrictions",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=8394bb17731a99ef76b185cbc70acfa3",
         },
         {
            title: "Amazon Linux AMI: ALAS-2019-1313",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2019-1313",
         },
         {
            title: "Amazon Linux 2: ALAS2-2019-1216",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2019-1216",
         },
         {
            title: "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111) Security Bulletin",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=50a54c2fb43b489f64442dcf4f25bc3b",
         },
         {
            title: "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Releases 1801-w and 1801-y",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=bf3f2299a8658b7cd3984c40e7060666",
         },
         {
            title: "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v1)",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=979e60202a29c3c55731e37f8ddc5a3b",
         },
         {
            title: "Siemens Security Advisories: Siemens Security Advisory",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2018-20685 ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/h4xrox/direct-admin-vulnerability-disclosure ",
         },
         {
            title: "DC-4-Vulnhub-Walkthrough",
            trust: 0.1,
            url: "https://github.com/vshaliii/dc-4-vulnhub-walkthrough ",
         },
         {
            title: "nmap",
            trust: 0.1,
            url: "https://github.com/devairdarolt/nmap ",
         },
         {
            title: "github_aquasecurity_trivy",
            trust: 0.1,
            url: "https://github.com/back8/github_aquasecurity_trivy ",
         },
         {
            title: "TrivyWeb",
            trust: 0.1,
            url: "https://github.com/korayagaya/trivyweb ",
         },
         {
            title: "Funbox2-rookie",
            trust: 0.1,
            url: "https://github.com/vaishali1998/funbox2-rookie ",
         },
         {
            title: "Vulnerability-Scanner-for-Containers",
            trust: 0.1,
            url: "https://github.com/t31m0/vulnerability-scanner-for-containers ",
         },
         {
            title: "security",
            trust: 0.1,
            url: "https://github.com/umahari/security ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/mohzeela/external-secret ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/simiyo/trivy ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/aquasecurity/trivy ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/knqyf263/trivy ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/siddharthraopotukuchi/trivy ",
         },
         {
            title: "Basic-Pentesting-2-Vulnhub-Walkthrough",
            trust: 0.1,
            url: "https://github.com/vshaliii/basic-pentesting-2-vulnhub-walkthrough ",
         },
         {
            title: "Basic-Pentesting-2",
            trust: 0.1,
            url: "https://github.com/vshaliii/basic-pentesting-2 ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2018-20685",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-013957",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-347",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-863",
            trust: 1,
         },
         {
            problemtype: "CWE-284",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-013957",
         },
         {
            db: "NVD",
            id: "CVE-2018-20685",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.5,
            url: "http://www.securityfocus.com/bid/106531",
         },
         {
            trust: 2.6,
            url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
         },
         {
            trust: 2.5,
            url: "https://access.redhat.com/errata/rhsa-2019:3702",
         },
         {
            trust: 2.3,
            url: "https://www.debian.org/security/2019/dsa-4387",
         },
         {
            trust: 2,
            url: "https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2",
         },
         {
            trust: 2,
            url: "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h",
         },
         {
            trust: 2,
            url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
         },
         {
            trust: 1.8,
            url: "https://usn.ubuntu.com/3885-1/",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/201903-16",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/202007-53",
         },
         {
            trust: 1.7,
            url: "https://security.netapp.com/advisory/ntap-20190215-0001/",
         },
         {
            trust: 1.7,
            url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
         },
         {
            trust: 1.7,
            url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
         },
         {
            trust: 1.7,
            url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
         },
         {
            trust: 1.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-20685",
         },
         {
            trust: 1.4,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-20685",
         },
         {
            trust: 1,
            url: "https://access.redhat.com/security/cve/cve-2018-20685",
         },
         {
            trust: 0.9,
            url: "http://www.openssh.org/",
         },
         {
            trust: 0.9,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1665785",
         },
         {
            trust: 0.9,
            url: "https://support.f5.com/csp/article/k11315080",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20685",
         },
         {
            trust: 0.6,
            url: "http://www.ibm.com/support/docview.wss?uid=ibm10872060",
         },
         {
            trust: 0.6,
            url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10872060",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/75338",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1280.2/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.2671/",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/158639/gentoo-linux-security-advisory-202007-53.html",
         },
         {
            trust: 0.6,
            url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10882554",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/152154/gentoo-linux-security-advisory-201903-16.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1410.2/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.5087",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1280/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.3795/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1410/",
         },
         {
            trust: 0.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6111",
         },
         {
            trust: 0.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6109",
         },
         {
            trust: 0.2,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.2,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6110",
         },
         {
            trust: 0.2,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/863.html",
         },
         {
            trust: 0.1,
            url: "https://tools.cisco.com/security/center/viewalert.x?alertid=59473",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.12",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.7",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssh/1:7.7p1-4ubuntu0.2",
         },
         {
            trust: 0.1,
            url: "https://usn.ubuntu.com/usn/usn-3885-1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.2",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-0739",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-12437",
         },
         {
            trust: 0.1,
            url: "https://www.redhat.com/mailman/listinfo/rhsa-announce",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2019-6111",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/updates/classification/#moderate",
         },
         {
            trust: 0.1,
            url: "https://bugzilla.redhat.com/):",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/key/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2019-6109",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/articles/11258",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/contact/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-20684",
         },
         {
            trust: 0.1,
            url: "https://sintonen.fi/advisories/scp-name-validator.patch",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2000-0992",
         },
         {
            trust: 0.1,
            url: "https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/openssh",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2018-20685",
         },
         {
            db: "BID",
            id: "106531",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-013957",
         },
         {
            db: "PACKETSTORM",
            id: "151577",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "158639",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            db: "NVD",
            id: "CVE-2018-20685",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-347",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2018-20685",
         },
         {
            db: "BID",
            id: "106531",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2018-013957",
         },
         {
            db: "PACKETSTORM",
            id: "151577",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "158639",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            db: "NVD",
            id: "CVE-2018-20685",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-347",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-01-10T00:00:00",
            db: "VULMON",
            id: "CVE-2018-20685",
         },
         {
            date: "2019-01-10T00:00:00",
            db: "BID",
            id: "106531",
         },
         {
            date: "2019-03-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-013957",
         },
         {
            date: "2019-02-07T19:22:22",
            db: "PACKETSTORM",
            id: "151577",
         },
         {
            date: "2019-03-20T16:09:02",
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            date: "2020-07-29T00:06:47",
            db: "PACKETSTORM",
            id: "158639",
         },
         {
            date: "2019-11-06T15:55:27",
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            date: "2019-01-16T15:04:39",
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            date: "2019-02-11T16:13:15",
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            date: "2019-01-10T21:29:00.377000",
            db: "NVD",
            id: "CVE-2018-20685",
         },
         {
            date: "2019-01-11T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201901-347",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-23T00:00:00",
            db: "VULMON",
            id: "CVE-2018-20685",
         },
         {
            date: "2019-04-18T12:00:00",
            db: "BID",
            id: "106531",
         },
         {
            date: "2019-03-07T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2018-013957",
         },
         {
            date: "2023-02-23T23:15:18.260000",
            db: "NVD",
            id: "CVE-2018-20685",
         },
         {
            date: "2022-12-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201901-347",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "151577",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-347",
         },
      ],
      trust: 0.8,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OpenSSH Access control vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2018-013957",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "access control error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201901-347",
         },
      ],
      trust: 0.6,
   },
}

var-200212-0626
Vulnerability from variot

Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. ) By sending SSH Cause a server or client to go out of service, and SSH It is possible to execute arbitrary code with the execution authority of the server or client. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the “Overview” for the impact of this vulnerability. Multiple vendor SSH2 implementations are reported to be prone to buffer overflows. These buffer overflows are alleged to be exploitable prior to authentication. These conditions were discovered during tests of the initialization, key exchange, and negotiation phases (KEX, KEXINIT) of a SSH2 transaction between client and server. These issues are known to affect various client and server implementations of the protocol. Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations

Original issue date: December 16, 2002 Last revised: -- Source: CERT/CC

A complete revision history is at the end of this file.

I. It provides strong encryption, cryptographic host authentication, and integrity protection.... SSHredder was primarily designed to test key exchange and other processes that are specific to version 2 of the SSH protocol; however, certain classes of tests are also applicable to version 1.

Rapid7 has published a detailed advisory (R7-0009) and the SSHredder test suite.

Common Vulnerabilities and Exposures (CVE) has assigned the following candidate numbers for several classes of tests performed by SSHredder:

 * CAN-2002-1357 - incorrect field lengths
 * CAN-2002-1358 - lists with empty elements or multiple separators
 * CAN-2002-1359 - "classic" buffer overflows
 * CAN-2002-1360 - null characters in strings

II. On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges.

III. Solution

Apply a patch or upgrade

Apply the appropriate patch or upgrade as specified by your vendor. See Appendix A below and the Systems Affected section of VU#389665 for specific information.

Restrict access

Limit access to SSH servers to trusted hosts and networks using firewalls or other packet-filtering systems. Some SSH servers may have the ability to restrict access based on IP addresses, or similar effects may be achieved by using TCP wrappers or other related technology.

SSH clients can reduce the risk of attacks by only connecting to trusted servers by IP address.

While these workarounds will not prevent exploitation of these vulnerabilities, they will make attacks somewhat more difficult, in part by limiting the number of potential sources of attacks.

Appendix A. Vendor Information

This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments. The Systems Affected section of VU#389665 contains additional vendor status information.

Cisco Systems, Inc.

 The   official   statement  regarding  this  is  that  we  are  not
 vulnerable.

Cray Inc.

 Cray  Inc.  supports  the  OpenSSH  product through their Cray Open
 Software  (COS)  package.  COS  3.3,  available the end of December
 2002,  is  not vulnerable. If a site is concerned, they can contact
 their  local  Cray  representive  to  obtain  an  early copy of the
 OpenSSH contained in COS 3.3.

F-Secure

 F-Secure  SSH products are not exploitable via these attacks. While
 F-Secure  SSH  versions  3.1.0  build 11 and earlier crash on these
 malicious  packets,  we  did  not find ways to exploit this to gain
 unauthorized  access  or  to  run  arbitrary code. Furthermore, the
 crash  occurs  in a forked process so the denial of service attacks
 are not possible.

Fujitsu

 Fujitsu's  UXP/V  OS  is not vulnerable because it does not support
 SSH.

IBM

 IBM's  AIX  is  not  vulnerabible  to  the issues discussed in CERT
 Vulnerability Note VU#389665.

lsh

 I've now tried the testsuite with the latest stable release of lsh,
 lsh-1.4.2. Both the client and the server seem NOT VULNERABLE.

NetScreen Technologies Inc.

 Tested latest versions. Not Vulnerable.

OpenSSH

 From  my testing it seems that the current version of OpenSSH (3.5)
 is not vulnerable to these problems, and some limited testing shows
 that no version of OpenSSH is vulnerable.

Pragma Systems, Inc.

 December 16, 2002

 Rapid 7 and CERT Coordination Center Vulnerability report VU#389665

 Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a
 possible  vulnerability  with  Version  2.0  of Pragma SecureShell. 
 Pragma  Systems  tested Pragma SecureShell 2.0 and the upcoming new
 Version  3.0,  and found that the attacks did cause a memory access
 protection fault on Microsoft platforms.

 After   research,   Pragma   Systems  corrected  the  problem.

 The  problem  is  corrected  in Pragma SecureShell Version 3.0. Any
 customers  with concerns regarding this vulnerability report should
 contact   Pragma   Systems,   Inc   at   support@pragmasys.com  for
 information  on  obtaining  an upgrade free of charge. Pragma's web
 site is located at www.pragmasys.com and the company can be reached
 at 1-512-219-7270.

PuTTY

 PuTTY 0.53b addresses vulnerabilities discovered by SSHredder.

Appendix B. References

 * CERT/CC Vulnerability Note: VU#389665 -
   http://www.kb.cert.org/vuls/id/389665
 * Rapid 7 Advisory: R7-0009 -
   http://www.rapid7.com/advisories/R7-0009.txt
 * Rapid 7 SSHredder test suite -
   http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666
 * IETF     Draft:     SSH     Transport     Layer     Protocol     -
   http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. 
   txt
 * IETF Draft: SSH Protocol Architecture -
   http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-
   13.txt
 * Privilege Separated OpenSSH -
   http://www.citi.umich.edu/u/provos/ssh/privsep.html

 _________________________________________________________________

The CERT Coordination Center thanks Rapid7 for researching and reporting these vulnerabilities. ___________

Author: Art Manion.

This document is available from: http://www.cert.org/advisories/CA-2002-36.html

CERT/CC Contact Information

Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site http://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message

subscribe cert-advisory

  • "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.

NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________

Conditions for use, disclaimers, and sponsorship information

Copyright 2002 Carnegie Mellon University.

Revision History

December 16, 2002: Initial release

-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8

iQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/ PlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd yIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3 xazIo8XEipc= =Nj+0 -----END PGP SIGNATURE-----

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200212-0626",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "ios",
            scope: "eq",
            trust: 2.8,
            vendor: "cisco",
            version: "12.2",
         },
         {
            model: "securenetterm",
            scope: "eq",
            trust: 1.7,
            vendor: "intersoft",
            version: "5.4.1",
         },
         {
            model: "shellguard ssh",
            scope: "eq",
            trust: 1.7,
            vendor: "netcomposite",
            version: "3.4.6",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 1.7,
            vendor: "winscp",
            version: "2.0.0",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.0s",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.0st",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.1e",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.1ea",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.1t",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.2s",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.2t",
         },
         {
            model: "secureshell",
            scope: "eq",
            trust: 1.1,
            vendor: "pragma",
            version: "2.0",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1.1,
            vendor: "putty",
            version: "0.48",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1.1,
            vendor: "putty",
            version: "0.49",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1.1,
            vendor: "putty",
            version: "0.53",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 1.1,
            vendor: "cisco",
            version: "6.2",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 1.1,
            vendor: "cisco",
            version: "6.1",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 1.1,
            vendor: "cisco",
            version: "6.0",
         },
         {
            model: "ssh client",
            scope: "eq",
            trust: 1,
            vendor: "fissh",
            version: "1.0a_for_windows",
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "alcatel",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "cisco",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "f secure",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "hewlett packard",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "intersoft",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "juniper",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "nortel",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "pragma",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "putty",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "riverstone",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "ssh security",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "winscp",
            version: null,
         },
         {
            model: "f-secure ssh",
            scope: "lte",
            trust: 0.8,
            vendor: "f secure",
            version: "3.1.0",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "12.0",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "12.1",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.3",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.53",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.49",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.48",
         },
         {
            model: "systems secureshell",
            scope: "eq",
            trust: 0.6,
            vendor: "pragma",
            version: "2.0",
         },
         {
            model: "ssh client for windows a",
            scope: "eq",
            trust: 0.6,
            vendor: "fissh",
            version: "1.0",
         },
         {
            model: "tatham putty b",
            scope: "ne",
            trust: 0.6,
            vendor: "simon",
            version: "0.53",
         },
         {
            model: "systems secureshell",
            scope: "ne",
            trust: 0.6,
            vendor: "pragma",
            version: "3.0",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.5",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.4",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.4",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.3",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.3",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2.3",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2.2",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.1",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.1",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.2",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.2",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.1",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.1",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0",
         },
         {
            model: "lsh",
            scope: "ne",
            trust: 0.6,
            vendor: "lsh",
            version: "1.5",
         },
         {
            model: "securenetterm",
            scope: "ne",
            trust: 0.6,
            vendor: "intersoft",
            version: "5.4.2",
         },
         {
            model: "ios 12.2",
            scope: "ne",
            trust: 0.6,
            vendor: "cisco",
            version: null,
         },
         {
            model: "winsshd",
            scope: "ne",
            trust: 0.6,
            vendor: "bitvise",
            version: "3.5",
         },
         {
            model: "webns",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "7.10",
         },
         {
            model: "webns",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "7.10.2.06",
         },
         {
            model: "webns",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "7.10.1.02",
         },
         {
            model: "webns",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.20",
         },
         {
            model: "webns",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.10",
         },
         {
            model: "webns",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5.10.0.10",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.2.2.111",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.2.2",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.2.1",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.2(2)",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.2(1)",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.1.4",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.1.3",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.1(4)",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.1(3)",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.1(2)",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.1(1)",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.0.4",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.0.3",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.0(4)",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.0(2)",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "6.0(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.3(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.0",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.6(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.6(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.5",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(3)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(2)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(2)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.4",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.3",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.2",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.1",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "2.3(5)",
         },
         {
            model: "ons 15454e optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.14",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.6(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.6(0)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.5",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(3)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(2)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(0)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0(2)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.4",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.3",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.2.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.1.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154542.3(5)",
         },
         {
            model: "ons ios-based blades",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "15454",
         },
         {
            model: "ons metro edge optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "15327",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.14",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.6(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.6(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(3)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(2)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0(2)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.4",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.3",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.2",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.1",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.0",
         },
         {
            model: "ios 12.2t",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.2s",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.2 t",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.2 s",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "12.2(1)",
         },
         {
            model: "ios 12.1t",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1ea",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1e",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1 e",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1 t",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0st",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0s",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0 s",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0 st",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "firewall services module",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "2.1(0.208)",
         },
         {
            model: "aironet 1t",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "12.0",
         },
         {
            model: "aironet 0t",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "12.0",
         },
         {
            model: "webns .0.06s",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: "7.10",
         },
         {
            model: "webns .0.06s",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: "5.20",
         },
         {
            model: "pix firewall",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: "6.3(1)",
         },
         {
            model: "pix firewall",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: "6.2(3)",
         },
         {
            model: "pix firewall",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: "6.1(5)",
         },
         {
            model: "pix firewall",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: "6.0(4.101)",
         },
         {
            model: "ios 12.2 s",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.2 t1",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.2 t3",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1 e1",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1 ea1c",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1 e3",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0 s2",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0 s4",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0 st6",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0 s6",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0 st7",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "aironet 1t1",
            scope: "ne",
            trust: 0.3,
            vendor: "cisco",
            version: "12.0",
         },
         {
            model: "securecrt",
            scope: "ne",
            trust: 0.3,
            vendor: "vandyke",
            version: "3.4.3",
         },
         {
            model: "vshell",
            scope: "ne",
            trust: 0.3,
            vendor: "van dyke",
            version: "1.2",
         },
         {
            model: "ttssh",
            scope: "ne",
            trust: 0.3,
            vendor: "ttssh",
            version: "1.5.4",
         },
         {
            model: "ssh client",
            scope: "eq",
            trust: 0.1,
            vendor: "fissh",
            version: "1.0a for windows",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1359",
         },
         {
            db: "BID",
            id: "6407",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000324",
         },
         {
            db: "NVD",
            id: "CVE-2002-1359",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-041",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2002-1359",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Rapid 7 Security Advisories※ advisory@rapid7.com",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200212-041",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2002-1359",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: true,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2002-1359",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "VHN-5744",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULMON",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CVE-2002-1359",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "HIGH",
                  trust: 0.1,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2002-1359",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#389665",
                  trust: 0.8,
                  value: "11.04",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200212-041",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULHUB",
                  id: "VHN-5744",
                  trust: 0.1,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2002-1359",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5744",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1359",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000324",
         },
         {
            db: "NVD",
            id: "CVE-2002-1359",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-041",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization.  Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. ) By sending SSH Cause a server or client to go out of service, and SSH It is possible to execute arbitrary code with the execution authority of the server or client. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the “Overview” for the impact of this vulnerability. Multiple vendor SSH2 implementations are reported to be prone to buffer overflows.  These buffer overflows are alleged to be exploitable prior to authentication. \nThese conditions were discovered during tests of the initialization, key exchange, and negotiation phases (KEX, KEXINIT) of a SSH2 transaction between client and server.  These issues are known to affect various client and server implementations of the protocol. \nFurther details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\n\nCERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations\n\n   Original issue date: December 16, 2002\n   Last revised: --\n   Source: CERT/CC\n\n   A complete revision history is at the end of this file. \n\n\nI. \n     It  provides  strong encryption, cryptographic host authentication,\n     and  integrity  protection.... \n   SSHredder  was  primarily  designed  to  test  key  exchange and other\n   processes that are specific to version 2 of the SSH protocol; however,\n   certain classes of tests are also applicable to version 1. \n\n   Rapid7  has  published a detailed advisory (R7-0009) and the SSHredder\n   test suite. \n\n   Common  Vulnerabilities and Exposures (CVE) has assigned the following\n   candidate numbers for several classes of tests performed by SSHredder:\n\n     * CAN-2002-1357 - incorrect field lengths\n     * CAN-2002-1358 - lists with empty elements or multiple separators\n     * CAN-2002-1359 - \"classic\" buffer overflows\n     * CAN-2002-1360 - null characters in strings\n\n\nII. On\n   Microsoft  Windows  systems,  SSH  servers  commonly  run  with SYSTEM\n   privileges,  and  on UNIX systems, SSH daemons typically run with root\n   privileges. \n\n\nIII. Solution\n\nApply a patch or upgrade\n\n   Apply  the  appropriate  patch or upgrade as specified by your vendor. \n   See Appendix A below and the Systems Affected section of VU#389665 for\n   specific information. \n\nRestrict access\n\n   Limit  access  to  SSH  servers  to  trusted  hosts and networks using\n   firewalls or other packet-filtering systems. Some SSH servers may have\n   the  ability  to  restrict  access  based  on IP addresses, or similar\n   effects  may  be  achieved  by  using  TCP  wrappers  or other related\n   technology. \n\n   SSH  clients  can  reduce  the  risk  of attacks by only connecting to\n   trusted servers by IP address. \n\n   While  these  workarounds  will  not  prevent  exploitation  of  these\n   vulnerabilities,  they  will  make attacks somewhat more difficult, in\n   part by limiting the number of potential sources of attacks. \n\n\nAppendix A. Vendor Information\n\n   This  appendix  contains information provided by vendors. When vendors\n   report  new  information,  this section is updated and the changes are\n   noted  in  the  revision  history. If a vendor is not listed below, we\n   have  not  received  their  comments.  The Systems Affected section of\n   VU#389665 contains additional vendor status information. \n\nCisco Systems, Inc. \n\n     The   official   statement  regarding  this  is  that  we  are  not\n     vulnerable. \n\nCray Inc. \n\n     Cray  Inc.  supports  the  OpenSSH  product through their Cray Open\n     Software  (COS)  package.  COS  3.3,  available the end of December\n     2002,  is  not vulnerable. If a site is concerned, they can contact\n     their  local  Cray  representive  to  obtain  an  early copy of the\n     OpenSSH contained in COS 3.3. \n\nF-Secure\n\n     F-Secure  SSH products are not exploitable via these attacks. While\n     F-Secure  SSH  versions  3.1.0  build 11 and earlier crash on these\n     malicious  packets,  we  did  not find ways to exploit this to gain\n     unauthorized  access  or  to  run  arbitrary code. Furthermore, the\n     crash  occurs  in a forked process so the denial of service attacks\n     are not possible. \n\nFujitsu\n\n     Fujitsu's  UXP/V  OS  is not vulnerable because it does not support\n     SSH. \n\nIBM\n\n     IBM's  AIX  is  not  vulnerabible  to  the issues discussed in CERT\n     Vulnerability Note VU#389665. \n\nlsh\n\n     I've now tried the testsuite with the latest stable release of lsh,\n     lsh-1.4.2. Both the client and the server seem NOT VULNERABLE. \n\nNetScreen Technologies Inc. \n\n     Tested latest versions. Not Vulnerable. \n\nOpenSSH\n\n     From  my testing it seems that the current version of OpenSSH (3.5)\n     is not vulnerable to these problems, and some limited testing shows\n     that no version of OpenSSH is vulnerable. \n\nPragma Systems, Inc. \n\n     December 16, 2002\n\n     Rapid 7 and CERT Coordination Center Vulnerability report VU#389665\n\n     Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a\n     possible  vulnerability  with  Version  2.0  of Pragma SecureShell. \n     Pragma  Systems  tested Pragma SecureShell 2.0 and the upcoming new\n     Version  3.0,  and found that the attacks did cause a memory access\n     protection fault on Microsoft platforms. \n\n     After   research,   Pragma   Systems  corrected  the  problem. \n\n     The  problem  is  corrected  in Pragma SecureShell Version 3.0. Any\n     customers  with concerns regarding this vulnerability report should\n     contact   Pragma   Systems,   Inc   at   support@pragmasys.com  for\n     information  on  obtaining  an upgrade free of charge. Pragma's web\n     site is located at www.pragmasys.com and the company can be reached\n     at 1-512-219-7270. \n\nPuTTY\n\n     PuTTY 0.53b addresses vulnerabilities discovered by SSHredder. \n\n\nAppendix B. References\n\n     * CERT/CC Vulnerability Note: VU#389665 -\n       http://www.kb.cert.org/vuls/id/389665\n     * Rapid 7 Advisory: R7-0009 -\n       http://www.rapid7.com/advisories/R7-0009.txt\n     * Rapid 7 SSHredder test suite -\n       http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666\n     * IETF     Draft:     SSH     Transport     Layer     Protocol     -\n       http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. \n       txt\n     * IETF Draft: SSH Protocol Architecture -\n       http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-\n       13.txt\n     * Privilege Separated OpenSSH -\n       http://www.citi.umich.edu/u/provos/ssh/privsep.html\n\n     _________________________________________________________________\n\n   The  CERT  Coordination  Center  thanks  Rapid7  for  researching  and\n   reporting these vulnerabilities. \n     _________________________________________________________________\n\n   Author: Art Manion. \n   ______________________________________________________________________\n\n   This document is available from:\n   http://www.cert.org/advisories/CA-2002-36.html\n   ______________________________________________________________________\n\n\nCERT/CC Contact Information\n\n   Email: cert@cert.org\n          Phone: +1 412-268-7090 (24-hour hotline)\n          Fax: +1 412-268-6989\n          Postal address:\n          CERT Coordination Center\n          Software Engineering Institute\n          Carnegie Mellon University\n          Pittsburgh PA 15213-3890\n          U.S.A. \n\n   CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /\n   EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies\n   during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n   We  strongly  urge you to encrypt sensitive information sent by email. \n   Our public PGP key is available from\n   http://www.cert.org/CERT_PGP.key\n\n   If  you  prefer  to  use  DES,  please  call the CERT hotline for more\n   information. \n\nGetting security information\n\n   CERT  publications  and  other security information are available from\n   our web site\n   http://www.cert.org/\n\n   To  subscribe  to  the CERT mailing list for advisories and bulletins,\n   send  email  to majordomo@cert.org. Please include in the body of your\n   message\n\n   subscribe cert-advisory\n\n   *  \"CERT\"  and  \"CERT  Coordination Center\" are registered in the U.S. \n   Patent and Trademark Office. \n   ______________________________________________________________________\n\n   NO WARRANTY\n   Any  material furnished by Carnegie Mellon University and the Software\n   Engineering  Institute  is  furnished  on  an  \"as is\" basis. Carnegie\n   Mellon University makes no warranties of any kind, either expressed or\n   implied  as  to  any matter including, but not limited to, warranty of\n   fitness  for  a  particular purpose or merchantability, exclusivity or\n   results  obtained from use of the material. Carnegie Mellon University\n   does  not  make  any warranty of any kind with respect to freedom from\n   patent, trademark, or copyright infringement. \n     _________________________________________________________________\n\n   Conditions for use, disclaimers, and sponsorship information\n\n   Copyright 2002 Carnegie Mellon University. \n\n   Revision History\n\n   December 16, 2002: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/\nPlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd\nyIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3\nxazIo8XEipc=\n=Nj+0\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2002-1359",
         },
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000324",
         },
         {
            db: "BID",
            id: "6407",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "VULHUB",
            id: "VHN-5744",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1359",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
      ],
      trust: 3.15,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=1788",
            trust: 0.2,
            type: "exploit",
         },
         {
            reference: "https://www.scap.org.cn/vuln/vhn-5744",
            trust: 0.1,
            type: "unknown",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-5744",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1359",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "BID",
            id: "6407",
            trust: 2.9,
         },
         {
            db: "NVD",
            id: "CVE-2002-1359",
            trust: 2.9,
         },
         {
            db: "SECTRACK",
            id: "1005812",
            trust: 1.8,
         },
         {
            db: "SECTRACK",
            id: "1005813",
            trust: 1.8,
         },
         {
            db: "CERT/CC",
            id: "VU#389665",
            trust: 1.7,
         },
         {
            db: "BID",
            id: "6397",
            trust: 1.1,
         },
         {
            db: "BID",
            id: "6410",
            trust: 0.8,
         },
         {
            db: "BID",
            id: "6408",
            trust: 0.8,
         },
         {
            db: "BID",
            id: "6405",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000324",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-041",
            trust: 0.7,
         },
         {
            db: "OVAL",
            id: "OVAL:ORG.MITRE.OVAL:DEF:5848",
            trust: 0.6,
         },
         {
            db: "CERT/CC",
            id: "CA-2002-36",
            trust: 0.6,
         },
         {
            db: "VULNWATCH",
            id: "20021216 R7-0009: VULNERABILITIES IN SSH2 IMPLEMENTATIONS FROM MULTIPLE VENDORS",
            trust: 0.6,
         },
         {
            db: "XF",
            id: "10870",
            trust: 0.6,
         },
         {
            db: "EXPLOIT-DB",
            id: "1788",
            trust: 0.2,
         },
         {
            db: "EXPLOIT-DB",
            id: "16463",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "83008",
            trust: 0.1,
         },
         {
            db: "SEEBUG",
            id: "SSVID-70977",
            trust: 0.1,
         },
         {
            db: "SEEBUG",
            id: "SSVID-63554",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-5744",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2002-1359",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "30625",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5744",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1359",
         },
         {
            db: "BID",
            id: "6407",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000324",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1359",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-041",
         },
      ],
   },
   id: "VAR-200212-0626",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-5744",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:13:58.101000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "ssh-packet-suite-vuln",
            trust: 0.8,
            url: "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml",
         },
         {
            title: "2003120403",
            trust: 0.8,
            url: "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120403.shtml",
         },
         {
            title: "303",
            trust: 0.8,
            url: "http://www.ssh.com/company/newsroom/article/303/",
         },
         {
            title: "ssh-packet-suite-vuln",
            trust: 0.8,
            url: "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/ssh-packet-suite-vuln-j.shtml",
         },
         {
            title: "Cisco: SSH Malformed Packet Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20021219-ssh-packet",
         },
         {
            title: "PuTTY",
            trust: 0.1,
            url: "https://github.com/kaleshashi/putty ",
         },
         {
            title: "PuTTy-",
            trust: 0.1,
            url: "https://github.com/pbr94/putty- ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2002-1359",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000324",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-20",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-5744",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000324",
         },
         {
            db: "NVD",
            id: "CVE-2002-1359",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.3,
            url: "http://www.cert.org/advisories/ca-2002-36.html",
         },
         {
            trust: 2.6,
            url: "http://www.securityfocus.com/bid/6407",
         },
         {
            trust: 1.8,
            url: "http://securitytracker.com/id?1005812",
         },
         {
            trust: 1.8,
            url: "http://securitytracker.com/id?1005813",
         },
         {
            trust: 1.8,
            url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
         },
         {
            trust: 1.2,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5848",
         },
         {
            trust: 1.2,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10870",
         },
         {
            trust: 0.9,
            url: "http://www.rapid7.com/advisories/r7-0009.txt",
         },
         {
            trust: 0.9,
            url: "http://www.rapid7.com/perl/downloadrequest.pl?packagechoice=666",
         },
         {
            trust: 0.9,
            url: "http://www.citi.umich.edu/u/provos/ssh/privsep.html",
         },
         {
            trust: 0.9,
            url: "http://www.kb.cert.org/vuls/id/389665",
         },
         {
            trust: 0.8,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt",
         },
         {
            trust: 0.8,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt",
         },
         {
            trust: 0.8,
            url: "http://www.ciac.org/ciac/bulletins/n-028.shtml",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1359",
         },
         {
            trust: 0.8,
            url: "http://www.jpcert.or.jp/wr/2002/wr025001.txt",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnca-2002-36",
         },
         {
            trust: 0.8,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1359",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6405",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6408",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6397",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6410",
         },
         {
            trust: 0.6,
            url: "http://www.f-secure.com/",
         },
         {
            trust: 0.6,
            url: "http://www.ssh.com",
         },
         {
            trust: 0.6,
            url: "http://xforce.iss.net/xforce/xfdb/10870",
         },
         {
            trust: 0.6,
            url: "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5848",
         },
         {
            trust: 0.3,
            url: "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml",
         },
         {
            trust: 0.3,
            url: "/archive/1/304609",
         },
         {
            trust: 0.3,
            url: "/archive/1/305241",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/20.html",
         },
         {
            trust: 0.1,
            url: "https://www.rapid7.com/db/vulnerabilities/ssh-pragma-sshredder-overflow",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://www.rapid7.com/db/modules/exploit/windows/ssh/putty_msg_debug",
         },
         {
            trust: 0.1,
            url: "https://www.exploit-db.com/exploits/1788/",
         },
         {
            trust: 0.1,
            url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20021219-ssh-packet",
         },
         {
            trust: 0.1,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.",
         },
         {
            trust: 0.1,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-",
         },
         {
            trust: 0.1,
            url: "http://www.cert.org/",
         },
         {
            trust: 0.1,
            url: "http://www.cert.org/cert_pgp.key",
         },
         {
            trust: 0.1,
            url: "https://www.pragmasys.com",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5744",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1359",
         },
         {
            db: "BID",
            id: "6407",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000324",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1359",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-041",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5744",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1359",
         },
         {
            db: "BID",
            id: "6407",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000324",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1359",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-041",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2002-12-16T00:00:00",
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            date: "2002-12-23T00:00:00",
            db: "VULHUB",
            id: "VHN-5744",
         },
         {
            date: "2002-12-23T00:00:00",
            db: "VULMON",
            id: "CVE-2002-1359",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6407",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6397",
         },
         {
            date: "2007-04-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2002-000324",
         },
         {
            date: "2002-12-21T10:23:09",
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            date: "2002-12-23T05:00:00",
            db: "NVD",
            id: "CVE-2002-1359",
         },
         {
            date: "2002-12-23T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200212-041",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2003-06-18T00:00:00",
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            date: "2017-10-11T00:00:00",
            db: "VULHUB",
            id: "VHN-5744",
         },
         {
            date: "2017-10-11T00:00:00",
            db: "VULMON",
            id: "CVE-2002-1359",
         },
         {
            date: "2009-07-11T19:16:00",
            db: "BID",
            id: "6407",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6397",
         },
         {
            date: "2007-04-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2002-000324",
         },
         {
            date: "2017-10-11T01:29:03.747000",
            db: "NVD",
            id: "CVE-2002-1359",
         },
         {
            date: "2009-03-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200212-041",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-041",
         },
      ],
      trust: 0.7,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vendors' SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization",
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200212-041",
         },
      ],
      trust: 0.6,
   },
}

var-201901-0010
Vulnerability from variot

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. OpenSSH Contains an access control vulnerability.Information may be obtained and information may be altered. OpenSSH is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. OpenSSH 7.9 version is vulnerable; other versions may also be affected. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSH: Multiple vulnerabilities Date: March 20, 2019 Bugs: #675520, #675522 ID: 201903-16

Synopsis

Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSH users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.9_p1-r4"

References

[ 1 ] CVE-2018-20685 https://nvd.nist.gov/vuln/detail/CVE-2018-20685 [ 2 ] CVE-2019-6109 https://nvd.nist.gov/vuln/detail/CVE-2019-6109 [ 3 ] CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 [ 4 ] CVE-2019-6111 https://nvd.nist.gov/vuln/detail/CVE-2019-6111

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201903-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2019:3702-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3702 Issue date: 2019-11-05 CVE Names: CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 =====================================================================

  1. Summary:

An update for openssh is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

  1. Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

The following packages have been upgraded to a later upstream version: openssh (8.0p1).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. 1686065 - SSH connections get closed when time-based rekeyring is used and ClientAliveMaxCount=0 1691045 - Rebase OpenSSH to latest release (8.0p1?) 1707485 - Use high-level API to do signatures 1712436 - MD5 is used when writing password protected PEM 1732424 - ssh-keygen -A fails in FIPS mode because of DSA key 1732449 - rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite being in the policy

  1. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64: openssh-askpass-8.0p1-3.el8.aarch64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debugsource-8.0p1-3.el8.aarch64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm

ppc64le: openssh-askpass-8.0p1-3.el8.ppc64le.rpm openssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debugsource-8.0p1-3.el8.ppc64le.rpm openssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm

s390x: openssh-askpass-8.0p1-3.el8.s390x.rpm openssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm openssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm openssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debugsource-8.0p1-3.el8.s390x.rpm openssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm openssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm openssh-server-debuginfo-8.0p1-3.el8.s390x.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm

x86_64: openssh-askpass-8.0p1-3.el8.x86_64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debugsource-8.0p1-3.el8.x86_64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source: openssh-8.0p1-3.el8.src.rpm

aarch64: openssh-8.0p1-3.el8.aarch64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-cavs-8.0p1-3.el8.aarch64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-clients-8.0p1-3.el8.aarch64.rpm openssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debugsource-8.0p1-3.el8.aarch64.rpm openssh-keycat-8.0p1-3.el8.aarch64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-ldap-8.0p1-3.el8.aarch64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-server-8.0p1-3.el8.aarch64.rpm openssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.aarch64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm

ppc64le: openssh-8.0p1-3.el8.ppc64le.rpm openssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-cavs-8.0p1-3.el8.ppc64le.rpm openssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-clients-8.0p1-3.el8.ppc64le.rpm openssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debugsource-8.0p1-3.el8.ppc64le.rpm openssh-keycat-8.0p1-3.el8.ppc64le.rpm openssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-ldap-8.0p1-3.el8.ppc64le.rpm openssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-server-8.0p1-3.el8.ppc64le.rpm openssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.ppc64le.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm

s390x: openssh-8.0p1-3.el8.s390x.rpm openssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm openssh-cavs-8.0p1-3.el8.s390x.rpm openssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm openssh-clients-8.0p1-3.el8.s390x.rpm openssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debugsource-8.0p1-3.el8.s390x.rpm openssh-keycat-8.0p1-3.el8.s390x.rpm openssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm openssh-ldap-8.0p1-3.el8.s390x.rpm openssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm openssh-server-8.0p1-3.el8.s390x.rpm openssh-server-debuginfo-8.0p1-3.el8.s390x.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.s390x.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm

x86_64: openssh-8.0p1-3.el8.x86_64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-cavs-8.0p1-3.el8.x86_64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-clients-8.0p1-3.el8.x86_64.rpm openssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debugsource-8.0p1-3.el8.x86_64.rpm openssh-keycat-8.0p1-3.el8.x86_64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-ldap-8.0p1-3.el8.x86_64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-server-8.0p1-3.el8.x86_64.rpm openssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-20685 https://access.redhat.com/security/cve/CVE-2019-6109 https://access.redhat.com/security/cve/CVE-2019-6111 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXcHzKNzjgjWX9erEAQiytQ/6Apphov2V0QmnXA+KO3ZZKBPXtgKv8Sv1 dPtXhTC+Keq4yX9/bXlIuyk6BUsMeaiIMlL5bSSKtq2I7rVxwubTcPX4rD+pQvx8 ArNJgn7U2/3xqwc0R8dNXx6o8vB1M6jXDtu8fKJOxW48evDJf6gE4gX2KUM9yxR2 MhCoHVkLp9a5f0T11yFPI11H0P8gXXQgboAkdt82Ui35T4tD8RndVyPCsllN2c/X QCCbvZ9e8OLJJoxsOryLcw8tpQHXK2AJMXWv0Us99kQtbaBULWWahhrg/tftLxtT pILFBaB/RsmGg1O6OkxJ2CuKl6ATC2Wlj/Z7uYPrS7MQDn+fXkH2gfcjb4Z4rqIL IyKbUpsyFEAaV5rJUeRaS7dGfuQldQbS96P8lUpCcOXPbYD8FgTrW2q3NjOKgYMU +gh2xPwmlRm+iYfmedPoR2+bTWNYv8JS+Cp/fZF4IFx2EJPQcxKLYshNKgcfkNkR rIZ4brUI79p84H01TcTh4mFAbR63Y+c36UAI3/fM/W/RkZn/PdoJtpfwg/tjOYZH rt9kL7SfAEhjHNtBuJGNol6e124srS6300hnfFovAr6llDOcYlrh3ZgVZjVrn6E8 TZhyZ84TGMOqykfH7B9XkJH82X+x3rd2m0ovCPq+Ly62BasdXVd0C2snzbx8OAM8 I+am8dhVlyM= =iPw4 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . scp client multiple vulnerabilities =================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

Overview

SCP clients from multiple vendors are susceptible to a malicious scp server performing unauthorized changes to target directory and/or client output manipulation.

Description

Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output.

Impact

Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output.

Details

The discovered vulnerabilities, described in more detail below, enables the attack described here in brief.

  1. The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases file to victim's home directory when the victim performs scp operation from the server. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example:

    user@local:~$ scp user@remote:readme.txt . readme.txt 100% 494 1.6KB/s 00:00 user@local:~$

  2. Once the victim launches a new shell, the malicious commands in .bash_aliases get executed.

*) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint.

Vulnerabilities

  1. CWE-20: scp client improper directory name validation [CVE-2018-20685]

The scp client allows server to modify permissions of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0 .\n") directory name.

  1. CWE-20: scp client missing received object name validation [CVE-2019-6111]

Due to the scp implementation being derived from 1983 rcp [1], the server chooses which files/directories are sent to the client. However, scp client only perform cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example overwrite .ssh/authorized_keys).

The same vulnerability in WinSCP is known as CVE-2018-20684.

Proof-of-Concept

Proof of concept malicious scp server will be released at a later date.

Vulnerable versions

The following software packages have some or all vulnerabilities:

                ver      #1  #2  #3  #4

OpenSSH scp <=7.9 x x x x PuTTY PSCP ? - - x x WinSCP scp mode <=5.13 - x - -

Tectia SSH scpg3 is not affected since it exclusively uses sftp protocol.

Mitigation

  1. OpenSSH

1.1 Switch to sftp if possible

1.2 Alternatively apply the following patch to harden scp against most server-side manipulation attempts: https://sintonen.fi/advisories/scp-name-validator.patch

 NOTE: This patch may cause problems if the the remote and local shells don't
 agree on the way glob() pattern matching works. YMMV.
  1. PuTTY

2.1 No fix is available yet

  1. WinSCP

3.1. Upgrade to WinSCP 5.14 or later

Similar or prior work

  1. CVE-2000-0992 - scp overwrites arbitrary files

References

  1. https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access

Credits

The vulnerability was discovered by Harry Sintonen / F-Secure Corporation.

Timeline

2018.08.08 initial discovery of vulnerabilities #1 and #2 2018.08.09 reported vulnerabilities #1 and #2 to OpenSSH 2018.08.10 OpenSSH acknowledged the vulnerabilities 2018.08.14 discovered & reported vulnerability #3 to OpenSSH 2018.08.15 discovered & reported vulnerability #4 to OpenSSH 2018.08.30 reported PSCP vulnerabilities (#3 and #4) to PuTTY developers 2018.08.31 reported WinSCP vulnerability (#2) to WinSCP developers 2018.09.04 WinSCP developers reported the vulnerability #2 fixed 2018.11.12 requested a status update from OpenSSH 2018.11.16 OpenSSH fixed vulnerability #1 2019.01.07 requested a status update from OpenSSH 2019.01.08 requested CVE assignments from MITRE 2019.01.10 received CVE assignments from MITRE 2019.01.11 public disclosure of the advisory 2019.01.14 added a warning about the potential issues caused by the patch

. All the vulnerabilities are in found in the scp client implementing the SCP protocol. The check added in this version can lead to regression if the client and the server have differences in wildcard expansion rules. If the server is trusted for that purpose, the check can be disabled with a new -T option to the scp client.

For the stable distribution (stretch), these problems have been fixed in version 1:7.4p1-10+deb9u5.

For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlxe0w0ACgkQ3rYcyPpX RFs85AgA0GrSHO4Qf5FVsE3oXa+nMkZ4U6pbOA9dHotX54DEyNuIJrOsOv01cFxQ t2Z6uDkZptmHZT4uSWg2xIgMvpkGo9906ziZfHc0LTuHl8j++7cCDIDGZBm/iZaX ueQfl85gHDpte41JvUtpSBAwk1Bic7ltLUPDIGEiq6nQboxHIzsU7ULVb1l0wNxF sEFDPWGBS01HTa+QWgQaG/wbEhMRDcVz1Ck7dqpT2soQRohDWxU01j14q1EKe9O9 GHiWECvFSHBkkI/v8lNfSWnOWYa/+Aknri0CpjPc/bqh2Yx9rgp/Q5+FJ/FxJjmC bHFd+tbxB1LxEO96zKguYpPIzw7Kcw== =5Fd8 -----END PGP SIGNATURE-----

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0010",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "enterprise linux server tus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.2",
         },
         {
            model: "enterprise linux server tus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.4",
         },
         {
            model: "m10-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "m10-4",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.6",
         },
         {
            model: "winscp",
            scope: "lte",
            trust: 1,
            vendor: "winscp",
            version: "5.13",
         },
         {
            model: "m12-2",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "scalance x204rna",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "3.2.7",
         },
         {
            model: "m12-2s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "m12-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "9.0",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.0",
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.6",
         },
         {
            model: "m10-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "8.0",
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.2",
         },
         {
            model: "storage automation store",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "16.04",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "30",
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.1",
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.4",
         },
         {
            model: "scalance x204rna eec",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "3.2.7",
         },
         {
            model: "m10-4s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.04",
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.2",
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.4",
         },
         {
            model: "m10-4",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "ontap select deploy",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "openssh",
            scope: "lte",
            trust: 1,
            vendor: "openbsd",
            version: "7.9",
         },
         {
            model: "m12-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "m12-2s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "m12-2",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "enterprise linux server tus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.6",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "14.04",
         },
         {
            model: "element software",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "m10-4s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.10",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.8,
            vendor: "openbsd",
            version: "7.9",
         },
         {
            model: "winscp",
            scope: null,
            trust: 0.8,
            vendor: "winscp",
            version: null,
         },
         {
            model: "linux enterprise server 12-sp2",
            scope: null,
            trust: 0.3,
            vendor: "suse",
            version: null,
         },
         {
            model: "linux enterprise server 12-sp1",
            scope: null,
            trust: 0.3,
            vendor: "suse",
            version: null,
         },
         {
            model: "linux enterprise server sp3",
            scope: "eq",
            trust: 0.3,
            vendor: "suse",
            version: "12",
         },
         {
            model: "linux enterprise server ga",
            scope: "eq",
            trust: 0.3,
            vendor: "suse",
            version: "12",
         },
         {
            model: "linux enterprise server sp4",
            scope: "eq",
            trust: 0.3,
            vendor: "suse",
            version: "11",
         },
         {
            model: "linux enterprise server sp3 ltss",
            scope: "eq",
            trust: 0.3,
            vendor: "suse",
            version: "11",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "7",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "5",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "7.9",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "5.1",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "5.0",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.4",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "106843",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001217",
         },
         {
            db: "NVD",
            id: "CVE-2019-6109",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "7.9",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "5.13",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "3.2.7",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "3.2.7",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-6109",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Gentoo",
      sources: [
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-467",
         },
      ],
      trust: 0.7,
   },
   cve: "CVE-2019-6109",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 4.9,
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "High",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2019-6109",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 5.2,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.8,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2019-6109",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2019-6109",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201901-467",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2019-6109",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6109",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001217",
         },
         {
            db: "NVD",
            id: "CVE-2019-6109",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-467",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. OpenSSH Contains an access control vulnerability.Information may be obtained and information may be altered. OpenSSH is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \nOpenSSH 7.9 version is  vulnerable; other versions may also be affected. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201903-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSH: Multiple vulnerabilities\n     Date: March 20, 2019\n     Bugs: #675520, #675522\n       ID: 201903-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSH, the worst of which\ncould allow a remote attacker to gain unauthorized access. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSH users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=net-misc/openssh-7.9_p1-r4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-20685\n      https://nvd.nist.gov/vuln/detail/CVE-2018-20685\n[ 2 ] CVE-2019-6109\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6109\n[ 3 ] CVE-2019-6110\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6110\n[ 4 ] CVE-2019-6111\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6111\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssh security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2019:3702-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:3702\nIssue date:        2019-11-05\nCVE Names:         CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 \n=====================================================================\n\n1. Summary:\n\nAn update for openssh is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSH is an SSH protocol implementation supported by a number of Linux,\nUNIX, and similar operating systems. It includes the core files necessary\nfor both the OpenSSH client and server. \n\nThe following packages have been upgraded to a later upstream version:\nopenssh (8.0p1). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the OpenSSH server daemon (sshd) will be\nrestarted automatically. \n1686065 - SSH connections get closed when time-based rekeyring is used and ClientAliveMaxCount=0\n1691045 - Rebase OpenSSH to latest release (8.0p1?)\n1707485 - Use high-level API to do signatures\n1712436 - MD5 is used when writing password protected PEM\n1732424 - ssh-keygen -A fails in FIPS mode because of DSA key\n1732449 - rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite being in the policy\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nopenssh-askpass-8.0p1-3.el8.aarch64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debugsource-8.0p1-3.el8.aarch64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm\n\nppc64le:\nopenssh-askpass-8.0p1-3.el8.ppc64le.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debugsource-8.0p1-3.el8.ppc64le.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm\n\ns390x:\nopenssh-askpass-8.0p1-3.el8.s390x.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debugsource-8.0p1-3.el8.s390x.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.s390x.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm\n\nx86_64:\nopenssh-askpass-8.0p1-3.el8.x86_64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debugsource-8.0p1-3.el8.x86_64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nopenssh-8.0p1-3.el8.src.rpm\n\naarch64:\nopenssh-8.0p1-3.el8.aarch64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-cavs-8.0p1-3.el8.aarch64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-clients-8.0p1-3.el8.aarch64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debugsource-8.0p1-3.el8.aarch64.rpm\nopenssh-keycat-8.0p1-3.el8.aarch64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-ldap-8.0p1-3.el8.aarch64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-server-8.0p1-3.el8.aarch64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.aarch64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm\n\nppc64le:\nopenssh-8.0p1-3.el8.ppc64le.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-cavs-8.0p1-3.el8.ppc64le.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-clients-8.0p1-3.el8.ppc64le.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debugsource-8.0p1-3.el8.ppc64le.rpm\nopenssh-keycat-8.0p1-3.el8.ppc64le.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-ldap-8.0p1-3.el8.ppc64le.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-server-8.0p1-3.el8.ppc64le.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.ppc64le.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm\n\ns390x:\nopenssh-8.0p1-3.el8.s390x.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-cavs-8.0p1-3.el8.s390x.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-clients-8.0p1-3.el8.s390x.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debugsource-8.0p1-3.el8.s390x.rpm\nopenssh-keycat-8.0p1-3.el8.s390x.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-ldap-8.0p1-3.el8.s390x.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-server-8.0p1-3.el8.s390x.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.s390x.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.s390x.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm\n\nx86_64:\nopenssh-8.0p1-3.el8.x86_64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-cavs-8.0p1-3.el8.x86_64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-clients-8.0p1-3.el8.x86_64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debugsource-8.0p1-3.el8.x86_64.rpm\nopenssh-keycat-8.0p1-3.el8.x86_64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-ldap-8.0p1-3.el8.x86_64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-server-8.0p1-3.el8.x86_64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20685\nhttps://access.redhat.com/security/cve/CVE-2019-6109\nhttps://access.redhat.com/security/cve/CVE-2019-6111\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzKNzjgjWX9erEAQiytQ/6Apphov2V0QmnXA+KO3ZZKBPXtgKv8Sv1\ndPtXhTC+Keq4yX9/bXlIuyk6BUsMeaiIMlL5bSSKtq2I7rVxwubTcPX4rD+pQvx8\nArNJgn7U2/3xqwc0R8dNXx6o8vB1M6jXDtu8fKJOxW48evDJf6gE4gX2KUM9yxR2\nMhCoHVkLp9a5f0T11yFPI11H0P8gXXQgboAkdt82Ui35T4tD8RndVyPCsllN2c/X\nQCCbvZ9e8OLJJoxsOryLcw8tpQHXK2AJMXWv0Us99kQtbaBULWWahhrg/tftLxtT\npILFBaB/RsmGg1O6OkxJ2CuKl6ATC2Wlj/Z7uYPrS7MQDn+fXkH2gfcjb4Z4rqIL\nIyKbUpsyFEAaV5rJUeRaS7dGfuQldQbS96P8lUpCcOXPbYD8FgTrW2q3NjOKgYMU\n+gh2xPwmlRm+iYfmedPoR2+bTWNYv8JS+Cp/fZF4IFx2EJPQcxKLYshNKgcfkNkR\nrIZ4brUI79p84H01TcTh4mFAbR63Y+c36UAI3/fM/W/RkZn/PdoJtpfwg/tjOYZH\nrt9kL7SfAEhjHNtBuJGNol6e124srS6300hnfFovAr6llDOcYlrh3ZgVZjVrn6E8\nTZhyZ84TGMOqykfH7B9XkJH82X+x3rd2m0ovCPq+Ly62BasdXVd0C2snzbx8OAM8\nI+am8dhVlyM=\n=iPw4\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. scp client multiple vulnerabilities\n===================================\nThe latest version of this advisory is available at:\nhttps://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt\n\n\nOverview\n--------\n\nSCP clients from multiple vendors are susceptible to a malicious scp server performing\nunauthorized changes to target directory and/or client output manipulation. \n\n\nDescription\n-----------\n\nMany scp clients fail to verify if the objects returned by the scp server match those\nit asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate\nflaw in the client allows the target directory attributes to be changed arbitrarily. \nFinally, two vulnerabilities in clients may allow server to spoof the client output. \n\n\nImpact\n------\n\nMalicious scp server can write arbitrary files to scp target directory, change the\ntarget directory permissions and to spoof the client output. \n\n\nDetails\n-------\n\nThe discovered vulnerabilities, described in more detail below, enables the attack\ndescribed here in brief. \n\n1. The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases\n    file to victim's home directory when the victim performs scp operation from the\n    server. The transfer of extra files is hidden by sending ANSI control sequences\n    via stderr. For example:\n\n    user@local:~$ scp user@remote:readme.txt . \n    readme.txt                                         100%  494     1.6KB/s   00:00\n    user@local:~$\n\n2. Once the victim launches a new shell, the malicious commands in .bash_aliases get\n    executed. \n\n\n*) Man-in-the-Middle attack does require the victim to accept the wrong host\n    fingerprint. \n\n\nVulnerabilities\n---------------\n\n1. CWE-20: scp client improper directory name validation [CVE-2018-20685]\n\nThe scp client allows server to modify permissions of the target directory by using empty\n(\"D0777 0 \\n\") or dot (\"D0777 0 .\\n\") directory name. \n\n\n2. CWE-20: scp client missing received object name validation [CVE-2019-6111]\n\nDue to the scp implementation being derived from 1983 rcp [1], the server chooses which\nfiles/directories are sent to the client. However, scp client only perform cursory\nvalidation of the object name returned (only directory traversal attacks are prevented). \nA malicious scp server can overwrite arbitrary files in the scp client target directory. \nIf recursive operation (-r) is performed, the server can manipulate subdirectories\nas well (for example overwrite .ssh/authorized_keys). \n\nThe same vulnerability in WinSCP is known as CVE-2018-20684. \n\n\n3. \n\n\n4. \n\n\nProof-of-Concept\n----------------\n\nProof of concept malicious scp server will be released at a later date. \n\n\nVulnerable versions\n-------------------\n\nThe following software packages have some or all vulnerabilities:\n\n                    ver      #1  #2  #3  #4\nOpenSSH scp        <=7.9    x   x   x   x\nPuTTY PSCP         ?        -   -   x   x\nWinSCP scp mode    <=5.13   -   x   -   -\n\nTectia SSH scpg3 is not affected since it exclusively uses sftp protocol. \n\n\nMitigation\n----------\n\n1. OpenSSH\n\n1.1 Switch to sftp if possible\n\n1.2 Alternatively apply the following patch to harden scp against most server-side\n     manipulation attempts: https://sintonen.fi/advisories/scp-name-validator.patch\n\n     NOTE: This patch may cause problems if the the remote and local shells don't\n     agree on the way glob() pattern matching works. YMMV. \n\n2. PuTTY\n\n2.1 No fix is available yet\n\n3. WinSCP\n\n3.1. Upgrade to WinSCP 5.14 or later\n\n\n\nSimilar or prior work\n---------------------\n\n1. CVE-2000-0992 - scp overwrites arbitrary files\n\n\nReferences\n----------\n\n1. https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access\n\n\nCredits\n-------\n\nThe vulnerability was discovered by Harry Sintonen / F-Secure Corporation. \n\n\nTimeline\n--------\n\n2018.08.08  initial discovery of vulnerabilities #1 and #2\n2018.08.09  reported vulnerabilities #1 and #2 to OpenSSH\n2018.08.10  OpenSSH acknowledged the vulnerabilities\n2018.08.14  discovered & reported vulnerability #3 to OpenSSH\n2018.08.15  discovered & reported vulnerability #4 to OpenSSH\n2018.08.30  reported PSCP vulnerabilities (#3 and #4) to PuTTY developers\n2018.08.31  reported WinSCP vulnerability (#2) to WinSCP developers\n2018.09.04  WinSCP developers reported the vulnerability #2 fixed\n2018.11.12  requested a status update from OpenSSH\n2018.11.16  OpenSSH fixed vulnerability #1\n2019.01.07  requested a status update from OpenSSH\n2019.01.08  requested CVE assignments from MITRE\n2019.01.10  received CVE assignments from MITRE\n2019.01.11  public disclosure of the advisory\n2019.01.14  added a warning about the potential issues caused by the patch\n\n\n. All the vulnerabilities\nare in found in the scp client implementing the SCP protocol. \n    The check added in this version can lead to regression if the client and\n    the server have differences in wildcard expansion rules. If the server is\n    trusted for that purpose, the check can be disabled with a new -T option to\n    the scp client. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:7.4p1-10+deb9u5. \n\nFor the detailed security status of openssh please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssh\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlxe0w0ACgkQ3rYcyPpX\nRFs85AgA0GrSHO4Qf5FVsE3oXa+nMkZ4U6pbOA9dHotX54DEyNuIJrOsOv01cFxQ\nt2Z6uDkZptmHZT4uSWg2xIgMvpkGo9906ziZfHc0LTuHl8j++7cCDIDGZBm/iZaX\nueQfl85gHDpte41JvUtpSBAwk1Bic7ltLUPDIGEiq6nQboxHIzsU7ULVb1l0wNxF\nsEFDPWGBS01HTa+QWgQaG/wbEhMRDcVz1Ck7dqpT2soQRohDWxU01j14q1EKe9O9\nGHiWECvFSHBkkI/v8lNfSWnOWYa/+Aknri0CpjPc/bqh2Yx9rgp/Q5+FJ/FxJjmC\nbHFd+tbxB1LxEO96zKguYpPIzw7Kcw==\n=5Fd8\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-6109",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001217",
         },
         {
            db: "BID",
            id: "106843",
         },
         {
            db: "VULMON",
            id: "CVE-2019-6109",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
      ],
      trust: 2.34,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2019-6109",
            trust: 3.2,
         },
         {
            db: "SIEMENS",
            id: "SSA-412672",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001217",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "152154",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.1255",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1280.2",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1280",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.1270",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.0410.3",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.0605",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2021.3698",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.1420",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-467",
            trust: 0.6,
         },
         {
            db: "BID",
            id: "106843",
            trust: 0.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-22-349-21",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2019-6109",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "155158",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "151175",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "151601",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6109",
         },
         {
            db: "BID",
            id: "106843",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001217",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            db: "NVD",
            id: "CVE-2019-6109",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-467",
         },
      ],
   },
   id: "VAR-201901-0010",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.6178670799999999,
   },
   last_update_date: "2023-12-18T11:24:25.381000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "CVS log for src/usr.bin/ssh/progressmeter.c",
            trust: 0.8,
            url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
         },
         {
            title: "CVS log for src/usr.bin/ssh/scp.c",
            trust: 0.8,
            url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
         },
         {
            title: "OpenSSH Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=88613",
         },
         {
            title: "The Register",
            trust: 0.2,
            url: "https://www.theregister.co.uk/2019/01/15/scp_vulnerability/",
         },
         {
            title: "Red Hat: Moderate: openssh security, bug fix, and enhancement update",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20193702 - security advisory",
         },
         {
            title: "Ubuntu Security Notice: openssh vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-3885-1",
         },
         {
            title: "Debian CVElist Bug Report Logs: openssh-client: scp can send arbitrary control characters / escape sequences to the terminal (CVE-2019-6109)",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=dffe92fd93b8f745f5f15bc2f29dc935",
         },
         {
            title: "Debian CVElist Bug Report Logs: CVE-2019-6111 not fixed, file transfer of unwanted files by malicious SSH server still possible",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=74b791ca4fdf54c27d2b50ef6845ef8e",
         },
         {
            title: "Arch Linux Issues: ",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=cve-2019-6109",
         },
         {
            title: "Debian CVElist Bug Report Logs: openssh: CVE-2018-20685: scp.c in the scp client allows remote SSH servers to bypass intended access restrictions",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=8394bb17731a99ef76b185cbc70acfa3",
         },
         {
            title: "Amazon Linux AMI: ALAS-2019-1313",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2019-1313",
         },
         {
            title: "Amazon Linux 2: ALAS2-2019-1216",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2019-1216",
         },
         {
            title: "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111) Security Bulletin",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=50a54c2fb43b489f64442dcf4f25bc3b",
         },
         {
            title: "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v1)",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=979e60202a29c3c55731e37f8ddc5a3b",
         },
         {
            title: "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Releases 1801-w and 1801-y",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=bf3f2299a8658b7cd3984c40e7060666",
         },
         {
            title: "Siemens Security Advisories: Siemens Security Advisory",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2019-6109 ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/h4xrox/direct-admin-vulnerability-disclosure ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/numaan911098/leadgenapp-bug-report ",
         },
         {
            title: "DC-4-Vulnhub-Walkthrough",
            trust: 0.1,
            url: "https://github.com/vshaliii/dc-4-vulnhub-walkthrough ",
         },
         {
            title: "nmap",
            trust: 0.1,
            url: "https://github.com/devairdarolt/nmap ",
         },
         {
            title: "TrivyWeb",
            trust: 0.1,
            url: "https://github.com/korayagaya/trivyweb ",
         },
         {
            title: "github_aquasecurity_trivy",
            trust: 0.1,
            url: "https://github.com/back8/github_aquasecurity_trivy ",
         },
         {
            title: "Funbox2-rookie",
            trust: 0.1,
            url: "https://github.com/vaishali1998/funbox2-rookie ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/simiyo/trivy ",
         },
         {
            title: "security",
            trust: 0.1,
            url: "https://github.com/umahari/security ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/mohzeela/external-secret ",
         },
         {
            title: "Vulnerability-Scanner-for-Containers",
            trust: 0.1,
            url: "https://github.com/t31m0/vulnerability-scanner-for-containers ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/aquasecurity/trivy ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/knqyf263/trivy ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/siddharthraopotukuchi/trivy ",
         },
         {
            title: "Basic-Pentesting-2-Vulnhub-Walkthrough",
            trust: 0.1,
            url: "https://github.com/vshaliii/basic-pentesting-2-vulnhub-walkthrough ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/bioly230/thm_skynet ",
         },
         {
            title: "Basic-Pentesting-2",
            trust: 0.1,
            url: "https://github.com/vshaliii/basic-pentesting-2 ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6109",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001217",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-467",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-116",
            trust: 1,
         },
         {
            problemtype: "CWE-284",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-001217",
         },
         {
            db: "NVD",
            id: "CVE-2019-6109",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.4,
            url: "https://access.redhat.com/errata/rhsa-2019:3702",
         },
         {
            trust: 2.3,
            url: "https://www.debian.org/security/2019/dsa-4387",
         },
         {
            trust: 2.1,
            url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
         },
         {
            trust: 1.8,
            url: "https://usn.ubuntu.com/3885-1/",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/201903-16",
         },
         {
            trust: 1.8,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6109",
         },
         {
            trust: 1.7,
            url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
         },
         {
            trust: 1.7,
            url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
         },
         {
            trust: 1.7,
            url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
         },
         {
            trust: 1.7,
            url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
         },
         {
            trust: 1.7,
            url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
         },
         {
            trust: 1.7,
            url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
         },
         {
            trust: 1.7,
            url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
         },
         {
            trust: 1.1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w3yvq2bptovdcfdvnc2ggf5p5isfg37g/",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6109",
         },
         {
            trust: 0.6,
            url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/w3yvq2bptovdcfdvnc2ggf5p5isfg37g/",
         },
         {
            trust: 0.6,
            url: "https://www.suse.com/support/update/announcement/2019/suse-su-201914030-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.suse.com/support/update/announcement/2019/suse-su-20190941-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.suse.com/support/update/announcement/2019/suse-su-20190496-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.suse.com/support/update/announcement/2019/suse-su-201914016-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/76170",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/152154/gentoo-linux-security-advisory-201903-16.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/75338",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1280.2/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2021.3698",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/78994",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1280/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/78934",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/79690",
         },
         {
            trust: 0.6,
            url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10882554",
         },
         {
            trust: 0.4,
            url: "https://access.redhat.com/security/cve/cve-2019-6109",
         },
         {
            trust: 0.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6111",
         },
         {
            trust: 0.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-20685",
         },
         {
            trust: 0.3,
            url: "http://www.openssh.org/",
         },
         {
            trust: 0.3,
            url: "https://support.f5.com/csp/article/k12252011",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6110",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/116.html",
         },
         {
            trust: 0.1,
            url: "https://tools.cisco.com/security/center/viewalert.x?alertid=59542",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21",
         },
         {
            trust: 0.1,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://www.redhat.com/mailman/listinfo/rhsa-announce",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2019-6111",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/updates/classification/#moderate",
         },
         {
            trust: 0.1,
            url: "https://bugzilla.redhat.com/):",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/key/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/articles/11258",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2018-20685",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/contact/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-20684",
         },
         {
            trust: 0.1,
            url: "https://sintonen.fi/advisories/scp-name-validator.patch",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2000-0992",
         },
         {
            trust: 0.1,
            url: "https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.1,
            url: "https://security-tracker.debian.org/tracker/openssh",
         },
         {
            trust: 0.1,
            url: "https://www.debian.org/security/",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6109",
         },
         {
            db: "BID",
            id: "106843",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001217",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            db: "NVD",
            id: "CVE-2019-6109",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-467",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2019-6109",
         },
         {
            db: "BID",
            id: "106843",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001217",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            db: "NVD",
            id: "CVE-2019-6109",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-467",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-01-31T00:00:00",
            db: "VULMON",
            id: "CVE-2019-6109",
         },
         {
            date: "2019-01-11T00:00:00",
            db: "BID",
            id: "106843",
         },
         {
            date: "2019-02-14T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-001217",
         },
         {
            date: "2019-03-20T16:09:02",
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            date: "2019-11-06T15:55:27",
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            date: "2019-01-16T15:04:39",
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            date: "2019-02-11T16:13:15",
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            date: "2019-01-31T18:29:00.710000",
            db: "NVD",
            id: "CVE-2019-6109",
         },
         {
            date: "2019-01-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201901-467",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-11-07T00:00:00",
            db: "VULMON",
            id: "CVE-2019-6109",
         },
         {
            date: "2019-01-11T00:00:00",
            db: "BID",
            id: "106843",
         },
         {
            date: "2019-02-14T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-001217",
         },
         {
            date: "2023-11-07T03:13:05.160000",
            db: "NVD",
            id: "CVE-2019-6109",
         },
         {
            date: "2022-12-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201901-467",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-467",
         },
      ],
      trust: 0.7,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OpenSSH Access control vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-001217",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "access control error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201901-467",
         },
      ],
      trust: 0.6,
   },
}

var-201406-0445
Vulnerability from variot

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. OpenSSL is prone to security-bypass vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. Versions prior to OpenSSL 1.0.1 and 1.0.2-beta1 are vulnerable.

HP Connect IT / HP SPM CIT - 9.5x Please install: HP Connect IT 9.53.P2

For Windows http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00070

For Linux http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00071

For AIX http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00072

For HPUX http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00073

For Solaris http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00074

HP Connect IT / HP SPM CIT - 9.4x Please install: HP Connect IT 9.40.P1

For windows(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00075

For Linux(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00076

For AIX(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00077

For HPUX(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00078

For Solaris(en) http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00079

HP Connect IT / HP SPM AM 5.2x Please install: HP Connect IT 9.41.P1

HISTORY Version:1 (rev.1) - 19 August 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. ============================================================================ Ubuntu Security Notice USN-2232-3 June 23, 2014

openssl regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 13.10
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

USN-2232-1 introduced a regression in OpenSSL. The upstream fix for CVE-2014-0224 caused a regression for certain applications that use renegotiation, such as PostgreSQL. This update fixes the problem.

Original advisory details:

J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-0195) Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2014-0221) KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain handshakes. (CVE-2014-0224) Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled anonymous ECDH ciphersuites. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. (CVE-2014-3470)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 LTS: libssl1.0.0 1.0.1f-1ubuntu2.4

Ubuntu 13.10: libssl1.0.0 1.0.1e-3ubuntu1.6

Ubuntu 12.04 LTS: libssl1.0.0 1.0.1-4ubuntu5.16

Ubuntu 10.04 LTS: libssl0.9.8 0.9.8k-7ubuntu8.19

After a standard system update you need to reboot your computer to make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2232-3 http://www.ubuntu.com/usn/usn-2232-1 https://launchpad.net/bugs/1332643

Package Information: https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4 https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6 https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16 https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201407-05

                                        http://security.gentoo.org/

Severity: High Title: OpenSSL: Multiple vulnerabilities Date: July 27, 2014 Bugs: #512506 ID: 201407-05

Synopsis

Multiple vulnerabilities have been found in OpenSSL, possibly allowing remote attackers to execute arbitrary code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-libs/openssl < 1.0.1h-r1 >= 0.9.8z_p5 >= 0.9.8z_p4 >= 0.9.8z_p1 >= 0.9.8z_p3 >= 0.9.8z_p2 >= 1.0.0m >= 1.0.1h-r1

Description

Multiple vulnerabilities have been discovered in OpenSSL.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSL users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/openssl-1.0.1h-r1"

References

[ 1 ] CVE-2010-5298 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298 [ 2 ] CVE-2014-0195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195 [ 3 ] CVE-2014-0198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198 [ 4 ] CVE-2014-0221 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221 [ 5 ] CVE-2014-0224 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224 [ 6 ] CVE-2014-3470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470 [ 7 ] OpenSSL Security Advisory [05 Jun 2014] http://www.openssl.org/news/secadv_20140605.txt

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201407-05.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . The bulletin does not apply to any other 3rd party application (e.g. operating system, web server, or application server) that may be required to be installed by the customer according instructions in the product install guide. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04347622

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04347622 Version: 1

HPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network Products including H3C and 3COM Routers and Switches running OpenSSL, Remote Denial of Service (DoS), Code Execution, Unauthorized Access, Modification or Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2014-06-20 Last Updated: 2014-06-20

Potential Security Impact: Remote Denial of Service (DoS), code execution, unauthorized access, modification of information, disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP Intelligent Management Center (iMC), HP Network Products including 3COM and H3C routers and switches running OpenSSL. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS), execute code, allow unauthorized access, modify or disclose information.

References:

CVE-2010-5298 Remote Denial of Service (DoS) or Modification of Information CVE-2014-0198 Remote Unauthorized Access (only iMC impacted) CVE-2014-0224 Remote Unauthorized Access or Disclosure of Information SSRT101561 Note: All products listed are impacted by CVE-2014-0224 . iMC is also impacted by CVE-2014-0198 and CVE-2010-5298

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Please refer to the RESOLUTION section below for a list of impacted products.

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2010-5298 (AV:N/AC:H/Au:N/C:N/I:P/A:P) 4.0 CVE-2014-0198 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2014-0224 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION On June 5th 2014, OpenSSL.org issued an advisory with several CVE vulnerabilities. HP Networking is working to release fixes for these vulnerabilities that impact the products in the table below. As fixed software is made available, this security bulletin will be updated to show the fixed versions. Until the software fixes are available, HP Networking is providing the following information including possible workarounds to mitigate the risks of these vulnerabilities.

Description

The most serious issue reported is CVE-2014-0224 and it is the one discussed here. To take advantage CVE-2014-0224, an attacker must:

be in between the OpenSSL client and OpenSSL server. be capable of intercepting and modifying packets between the OpenSSL client and OpenSSL server in real time.

Workarounds

HP Networking equipment is typically deployed inside firewalls and access to management interfaces and other protocols is more tightly controlled than in public environments. This deployment and security restrictions help to reduce the possibility of an attacker being able to intercept both OpenSSL client and OpenSSL server traffic.

Following the guidelines in the Hardening Comware-based devices can help to further reduce man-in-the-middle opportunities:

http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=c03536 920

For an HP Networking device acting as an OpenSSL Server, using a patched OpenSSL client or non-OpenSSL client eliminates the risk. As an example, most modern web browsers do not use the OpenSSL client and the sessions between the HP Networking OpenSSL server and the non-OpenSSL client are not at risk for this attack. For HP Networking Equipment that is using an OpenSSL client, patching the OpenSSL server will eliminate the risk of this attack.

Protocol Notes

The following details the protocols that use OpenSSL in Comware v5 and Comware v7:

Comware V7:

Server:

FIPS/HTTPS/Load Balancing/Session Initiation Protocol

Client:

Load Balancing/OpenFlow/Session Initiation Protocol/State Machine Based Anti-Spoofing/Dynamic DNS

Comware V5:

Server:

CAPWAP/EAP/SSLVPN

Client:

Dynamic DNS

Family Fixed Version HP Branded Products Impacted H3C Branded Products Impacted 3Com Branded Products Impacted

12900 Switch Series Fix in progress use mitigations JG619A HP FF 12910 Switch AC Chassis JG621A HP FF 12910 Main Processing Unit JG632A HP FF 12916 Switch AC Chassis JG634A HP FF 12916 Main Processing Unit

12500 Fix in progress use mitigations JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JC808A HP 12500 TAA Main Processing Unit H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)

12500 (Comware v7) Fix in progress use mitigations JC085A HP A12518 Switch Chassis JC086A HP A12508 Switch Chassis JC652A HP 12508 DC Switch Chassis JC653A HP 12518 DC Switch Chassis JC654A HP 12504 AC Switch Chassis JC655A HP 12504 DC Switch Chassis JF430A HP A12518 Switch Chassis JF430B HP 12518 Switch Chassis JF430C HP 12518 AC Switch Chassis JF431A HP A12508 Switch Chassis JF431B HP 12508 Switch Chassis JF431C HP 12508 AC Switch Chassis JC072B HP 12500 Main Processing Unit JG497A HP 12500 MPU w/Comware V7 OS JG782A HP FF 12508E AC Switch Chassis JG783A HP FF 12508E DC Switch Chassis JG784A HP FF 12518E AC Switch Chassis JG785A HP FF 12518E DC Switch Chassis JG802A HP FF 12500E MPU H3C S12508 Routing Switch(AC-1) (0235A0GE) H3C S12518 Routing Switch(AC-1) (0235A0GF) H3C S12508 Chassis (0235A0E6) H3C S12508 Chassis (0235A38N) H3C S12518 Chassis (0235A0E7) H3C S12518 Chassis (0235A38M)

11900 Switch Series Fix in progress use mitigations JG608A HP FF 11908-V Switch Chassis JG609A HP FF 11900 Main Processing Unit

10500 Switch Series (Comware v5) Fix in progress use mitigations JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC614A HP 10500 Main Processing Unit JC748A HP 10512 Switch Chassis JG375A HP 10500 TAA Main Processing Unit JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis

10500 Switch Series (Comware v7) Fix in progress use mitigations JC611A HP 10508-V Switch Chassis JC612A HP 10508 Switch Chassis JC613A HP 10504 Switch Chassis JC748A HP 10512 Switch Chassis JG820A HP 10504 TAA Switch Chassis JG821A HP 10508 TAA Switch Chassis JG822A HP 10508-V TAA Switch Chassis JG823A HP 10512 TAA Switch Chassis JG496A HP 10500 Type A MPU w/Comware v7 OS

9500E Fix in progress use mitigations JC124A HP A9508 Switch Chassis JC124B HP 9505 Switch Chassis JC125A HP A9512 Switch Chassis JC125B HP 9512 Switch Chassis JC474A HP A9508-V Switch Chassis JC474B HP 9508-V Switch Chassis H3C S9505E Routing-Switch Chassis (0235A0G6) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9512E Routing-Switch Chassis (0235A0G7) H3C S9508E-V Routing-Switch Chassis (0235A38Q) H3C S9505E Chassis w/ Fans (0235A38P) H3C S9512E Chassis w/ Fans (0235A38R)

Router 8800 Fix in progress use mitigations JC147A HP A8802 Router Chassis JC147B HP 8802 Router Chassis JC148A HP A8805 Router Chassis JC148B HP 8805 Router Chassis JC149A HP A8808 Router Chassis JC149B HP 8808 Router Chassis JC150A HP A8812 Router Chassis JC150B HP 8812 Router Chassis JC141A HP 8802 Main Control Unit Module JC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod JC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod H3C SR8805 10G Core Router Chassis (0235A0G8) H3C SR8808 10G Core Router Chassis (0235A0G9) H3C SR8812 10G Core Router Chassis (0235A0GA) H3C SR8802 10G Core Router Chassis (0235A0GC) H3C SR8802 10G Core Router Chassis (0235A31B) H3C SR8805 10G Core Router Chassis (0235A31C) H3C SR8808 10G Core Router Chassis (0235A31D) H3C SR8812 10G Core Router Chassis (0235A31E)

7500 Switch Series Fix in progress use mitigations JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T JC697A HP A7502 TAA Main Processing Unit JC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE JC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE JC700A HP A7500 384 Gbps TAA Fabric / MPU JC701A HP A7510 768 Gbps TAA Fabric / MPU JD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports JD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports JD194A HP 384 Gbps Fabric A7500 Module JD194B HP 7500 384Gbps Fabric Module JD195A HP 7500 384Gbps Advanced Fabric Module JD196A HP 7502 Fabric Module JD220A HP 7500 768Gbps Fabric Module JD238A HP A7510 Switch Chassis JD238B HP 7510 Switch Chassis JD239A HP A7506 Switch Chassis JD239B HP 7506 Switch Chassis JD240A HP A7503 Switch Chassis JD240B HP 7503 Switch Chassis JD241A HP A7506 Vertical Switch Chassis JD241B HP 7506-V Switch Chassis JD242A HP A7502 Switch Chassis JD242B HP 7502 Switch Chassis JD243A HP A7503 Switch Chassis w/1 Fabric Slot JD243B HP 7503-S Switch Chassis w/1 Fabric Slot H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4) H3C S7503E Ethernet Switch Chassis with Fan (0235A0G2) H3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5) H3C S7506E Ethernet Switch Chassis with Fan (0235A0G1) H3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3) H3C S7510E Ethernet Switch Chassis with Fan (0235A0G0) H3C S7502E Chassis w/ fans (0235A29A) H3C S7503E Chassis w/ fans (0235A27R) H3C S7503E-S Chassis w/ fans (0235A33R) H3C S7506E Chassis w/ fans (0235A27Q) H3C S7506E-V Chassis w/ fans (0235A27S)

HSR6800 Fix in progress use mitigations JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

HSR6800 Russian Version Fix in progress use mitigations JG361A HP HSR6802 Router Chassis JG362A HP HSR6804 Router Chassis JG363A HP HSR6808 Router Chassis JG364A HP HSR6800 RSE-X2 Router MPU JG779A HP HSR6800 RSE-X2 Router TAA MPU

HSR6602 Fix in progress use mitigations JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

HSR6602 Russian Version Fix in progress use mitigations JG353A HP HSR6602-G Router JG354A HP HSR6602-XG Router JG776A HP HSR6602-G TAA Router JG777A HP HSR6602-XG TAA Router

A6600 Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

A6600 Russian Version Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JC566A HP A6600 RSE-X1 Main Processing Unit JG780A HP 6600 RSE-X1 Router TAA MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

6600 MCP Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

6600 MCP Russian Version Fix in progress use mitigations JC177A HP 6608 Router JC177B HP A6608 Router Chassis JC178A HP 6604 Router Chassis JC178B HP A6604 Router Chassis JC496A HP 6616 Router Chassis JG778A HP 6600 MCP-X2 Router TAA MPU JG355A HP 6600 MCP-X1 Router MPU JG356A HP 6600 MCP-X2 Router MPU H3C RT-SR6608-OVS-H3 (0235A32X) H3C RT-SR6604-OVS-H3 (0235A37X) H3C SR6616 Router Chassis (0235A41D)

5920 Switch Series Fix in progress use mitigations JG296A HP 5920AF-24XG Switch JG555A HP 5920AF-24XG TAA Switch

5900 Switch Series Fix in progress use mitigations JC772A HP 5900AF-48XG-4QSFP+ Switch JG336A HP 5900AF-48XGT-4QSFP+ Switch JG510A HP 5900AF-48G-4XG-2QSFP+ Switch JG554A HP 5900AF-48XG-4QSFP+ TAA Switch JG838A HP FF 5900CP-48XG-4QSFP+ Switch

5900 Virtual Switch Fix in progress use mitigations JG814AAE HP Virtual Switch 5900v VMware E-LTU JG815AAE HP VSO SW for 5900v VMware E-LTU

5830 Switch Series Fix in progress use mitigations JC691A HP A5830AF-48G Switch w/1 Interface Slot JC694A HP A5830AF-96G Switch JG316A HP 5830AF-48G TAA Switch w/1 Intf Slot JG374A HP 5830AF-96G TAA Switch

5820 Switch Series Fix in progress use mitigations JC102A HP 5820-24XG-SFP+ Switch JC106A HP 5820-14XG-SFP+ Switch with 2 Slots JG219A HP 5820AF-24XG Switch JG243A HP 5820-24XG-SFP+ TAA-compliant Switch JG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media modules Plus OSM (0235A37L) H3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T (RJ45) (0235A370)

5800 Switch Series Fix in progress use mitigations JC099A HP 5800-24G-PoE Switch JC100A HP 5800-24G Switch JC101A HP 5800-48G Switch with 2 Slots JC103A HP 5800-24G-SFP Switch JC104A HP 5800-48G-PoE Switch JC105A HP 5800-48G Switch JG225A HP 5800AF-48G Switch JG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots JG254A HP 5800-24G-PoE+ TAA-compliant Switch JG255A HP 5800-24G TAA-compliant Switch JG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt JG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot JG258A HP 5800-48G TAA Switch w 1 Intf Slot H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot (0235A36U) H3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X (SFP Plus ) Plus 1 media module PoE (0235A36S) H3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus media module (no power) (0235A374) H3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus ) Plus media module (0235A379) H3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module (0235A378) H3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM (0235A36W)

5500 HI Switch Series Fix in progress use mitigations JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch JG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch JG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt JG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt JG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt JG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt JG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt JG681A HP 5500-24G-SFP HI TAA Swch w/2Slt

5500 EI Switch Series Fix in progress use mitigations JD373A HP 5500-24G DC EI Switch JD374A HP 5500-24G-SFP EI Switch JD375A HP 5500-48G EI Switch JD376A HP 5500-48G-PoE EI Switch JD377A HP 5500-24G EI Switch JD378A HP 5500-24G-PoE EI Switch JD379A HP 5500-24G-SFP DC EI Switch JG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts JG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts JG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts JG250A HP 5500-24G EI TAA Switch w 2 Intf Slts JG251A HP 5500-48G EI TAA Switch w 2 Intf Slts JG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts JG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts H3C S5500-28C-EI Ethernet Switch (0235A253) H3C S5500-28F-EI Eth Switch AC Single (0235A24U) H3C S5500-52C-EI Ethernet Switch (0235A24X) H3C S5500-28C-EI-DC Ethernet Switch (0235A24S) H3C S5500-28C-PWR-EI Ethernet Switch (0235A255) H3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259) H3C S5500-52C-PWR-EI Ethernet Switch (0235A251)

5500 SI Switch Series Fix in progress use mitigations JD369A HP 5500-24G SI Switch JD370A HP 5500-48G SI Switch JD371A HP 5500-24G-PoE SI Switch JD372A HP 5500-48G-PoE SI Switch JG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts JG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts H3C S5500-28C-SI Ethernet Switch (0235A04U) H3C S5500-52C-SI Ethernet Switch (0235A04V) H3C S5500-28C-PWR-SI Ethernet Switch (0235A05H) H3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)

5120 EI Switch Series Fix in progress use mitigations JE066A HP 5120-24G EI Switch JE067A HP 5120-48G EI Switch JE068A HP 5120-24G EI Switch with 2 Slots JE069A HP 5120-48G EI Switch with 2 Slots JE070A HP 5120-24G-PoE EI Switch with 2 Slots JE071A HP 5120-48G-PoE EI Switch with 2 Slots JG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts JG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts JG245A HP 5120-24G EI TAA Switch w 2 Intf Slts JG246A HP 5120-48G EI TAA Switch w 2 Intf Slts JG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts JG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ) H3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS) H3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR) H3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT) H3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU) H3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)

5120 SI switch Series Fix in progress use mitigations JE072A HP 5120-48G SI Switch JE073A HP 5120-16G SI Switch JE074A HP 5120-24G SI Switch JG091A HP 5120-24G-PoE+ (370W) SI Switch JG092A HP 5120-24G-PoE+ (170W) SI Switch H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W) H3C S5120-20P-SI L2 16GE Plus 4SFP (0235A42B) H3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D) H3C S5120-28P-HPWR-SI (0235A0E5) H3C S5120-28P-PWR-SI (0235A0E3)

4800 G Switch Series Fix in progress use mitigations JD007A HP 4800-24G Switch JD008A HP 4800-24G-PoE Switch JD009A HP 4800-24G-SFP Switch JD010A HP 4800-48G Switch JD011A HP 4800-48G-PoE Switch

3Com Switch 4800G 24-Port (3CRS48G-24-91) 3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91) 3Com Switch 4800G 48-Port (3CRS48G-48-91) 3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91) 3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)

4510G Switch Series Fix in progress use mitigations JF428A HP 4510-48G Switch JF847A HP 4510-24G Switch

3Com Switch 4510G 48 Port (3CRS45G-48-91) 3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91) 3Com Switch E4510-24G (3CRS45G-24-91)

4210G Switch Series Fix in progress use mitigations JF844A HP 4210-24G Switch JF845A HP 4210-48G Switch JF846A HP 4210-24G-PoE Switch

3Com Switch 4210-24G (3CRS42G-24-91) 3Com Switch 4210-48G (3CRS42G-48-91) 3Com Switch E4210-24G-PoE (3CRS42G-24P-91)

3610 Switch Series Fix in progress use mitigations JD335A HP 3610-48 Switch JD336A HP 3610-24-4G-SFP Switch JD337A HP 3610-24-2G-2G-SFP Switch JD338A HP 3610-24-SFP Switch H3C S3610-52P - model LS-3610-52P-OVS (0235A22C) H3C S3610-28P - model LS-3610-28P-OVS (0235A22D) H3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E) H3C S3610-28F - model LS-3610-28F-OVS (0235A22F)

3600 V2 Switch Series Fix in progress use mitigations JG299A HP 3600-24 v2 EI Switch JG300A HP 3600-48 v2 EI Switch JG301A HP 3600-24-PoE+ v2 EI Switch JG301B HP 3600-24-PoE+ v2 EI Switch JG302A HP 3600-48-PoE+ v2 EI Switch JG302B HP 3600-48-PoE+ v2 EI Switch JG303A HP 3600-24-SFP v2 EI Switch JG304A HP 3600-24 v2 SI Switch JG305A HP 3600-48 v2 SI Switch JG306A HP 3600-24-PoE+ v2 SI Switch JG306B HP 3600-24-PoE+ v2 SI Switch JG307A HP 3600-48-PoE+ v2 SI Switch JG307B HP 3600-48-PoE+ v2 SI Switch

3100V2 Fix in progress use mitigations JD313B HP 3100-24-PoE v2 EI Switch JD318B HP 3100-8 v2 EI Switch JD319B HP 3100-16 v2 EI Switch JD320B HP 3100-24 v2 EI Switch JG221A HP 3100-8 v2 SI Switch JG222A HP 3100-16 v2 SI Switch JG223A HP 3100-24 v2 SI Switch

3100V2-48 Fix in progress use mitigations JG315A HP 3100-48 v2 Switch

1910 Fix in progress use mitigations JE005A HP 1910-16G Switch JE006A HP 1910-24G Switch JE007A HP 1910-24G-PoE (365W) Switch JE008A HP 1910-24G-PoE(170W) Switch JE009A HP 1910-48G Switch JG348A HP 1910-8G Switch JG349A HP 1910-8G-PoE+ (65W) Switch JG350A HP 1910-8G-PoE+ (180W) Switch 3Com Baseline Plus Switch 2900 Gigabit Family - 52 port (3CRBSG5293) 3Com Baseline Plus Switch 2900G - 20 port (3CRBSG2093) 3Com Baseline Plus Switch 2900G - 28 port (3CRBSG2893) 3Com Baseline Plus Switch 2900G - 28HPWR (3CRBSG28HPWR93) 3Com Baseline Plus Switch 2900G - 28PWR (3CRBSG28PWR93)

1810v1 P2 Fix in progress use mitigations J9449A HP 1810-8G Switch J9450A HP 1810-24G Switch

1810v1 PK Fix in progress use mitigations J9660A HP 1810-48G Switch

MSR20 Fix in progress use mitigations JD432A HP A-MSR20-21 Multi-Service Router JD662A HP MSR20-20 Multi-Service Router JD663A HP MSR20-21 Multi-Service Router JD663B HP MSR20-21 Router JD664A HP MSR20-40 Multi-Service Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326) H3C MSR 20-20 (0235A19H) H3C MSR 20-21 (0235A325) H3C MSR 20-40 (0235A19K) H3C MSR-20-21 Router (0235A19J)

MSR20-1X Fix in progress use mitigations JD431A HP MSR20-10 Router JD667A HP MSR20-15 IW Multi-Service Router JD668A HP MSR20-13 Multi-Service Router JD669A HP MSR20-13 W Multi-Service Router JD670A HP MSR20-15 A Multi-Service Router JD671A HP MSR20-15 AW Multi-Service Router JD672A HP MSR20-15 I Multi-Service Router JD673A HP MSR20-11 Multi-Service Router JD674A HP MSR20-12 Multi-Service Router JD675A HP MSR20-12 W Multi-Service Router JD676A HP MSR20-12 T1 Multi-Service Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router JG209A HP MSR20-12-T-W Router (NA) JG210A HP MSR20-13-W Router (NA) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8) H3C MSR 20-10 (0235A0A7) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-11 (0235A31V) H3C MSR 20-12 (0235A32E) H3C MSR 20-12 T1 (0235A32B) H3C MSR 20-13 (0235A31W) H3C MSR 20-13 W (0235A31X) H3C MSR 20-15 A (0235A31Q) H3C MSR 20-15 A W (0235A31R) H3C MSR 20-15 I (0235A31N) H3C MSR 20-15 IW (0235A31P) H3C MSR20-12 W (0235A32G)

MSR30 Fix in progress use mitigations JD654A HP MSR30-60 POE Multi-Service Router JD657A HP MSR30-40 Multi-Service Router JD658A HP MSR30-60 Multi-Service Router JD660A HP MSR30-20 POE Multi-Service Router JD661A HP MSR30-40 POE Multi-Service Router JD666A HP MSR30-20 Multi-Service Router JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF232A HP RT-MSR3040-AC-OVS-AS-H3 JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S) H3C MSR 30-20 (0235A19L) H3C MSR 30-20 POE (0235A239) H3C MSR 30-40 (0235A20J) H3C MSR 30-40 POE (0235A25R) H3C MSR 30-60 (0235A20K) H3C MSR 30-60 POE (0235A25S) H3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)

MSR30-16 Fix in progress use mitigations JD659A HP MSR30-16 POE Multi-Service Router JD665A HP MSR30-16 Multi-Service Router JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321) H3C MSR 30-16 (0235A237) H3C MSR 30-16 POE (0235A238)

MSR30-1X Fix in progress use mitigations JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H) H3C RT-MSR3011-AC-OVS-H3 (0235A29L)

MSR50 Fix in progress use mitigations JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR5040-DC-OVS-H3C (0235A20P) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L)

MSR50-G2 Fix in progress use mitigations JD429A HP MSR50 G2 Processor Module JD429B HP MSR50 G2 Processor Module H3C H3C MSR 50 Processor Module-G2 (0231A84Q) H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD(0231A0KL)

MSR20 Russian version Fix in progress use mitigations JD663B HP MSR20-21 Router JF228A HP MSR20-40 Router JF283A HP MSR20-20 Router H3C RT-MSR2020-AC-OVS-H3C (0235A324) H3C RT-MSR2040-AC-OVS-H3 (0235A326)

MSR20-1X Russian version Fix in progress use mitigations JD431A HP MSR20-10 Router JF236A HP MSR20-15-I Router JF237A HP MSR20-15-A Router JF238A HP MSR20-15-I-W Router JF239A HP MSR20-11 Router JF240A HP MSR20-13 Router JF241A HP MSR20-12 Router JF806A HP MSR20-12-T Router JF807A HP MSR20-12-W Router JF808A HP MSR20-13-W Router JF809A HP MSR20-15-A-W Router JF817A HP MSR20-15 Router H3C MSR 20-10 (0235A0A7) H3C RT-MSR2015-AC-OVS-I-H3 (0235A394) H3C RT-MSR2015-AC-OVS-A-H3 (0235A392) H3C RT-MSR2015-AC-OVS-AW-H3 (0235A393) H3C RT-MSR2011-AC-OVS-H3 (0235A395) H3C RT-MSR2013-AC-OVS-H3 (0235A390) H3C RT-MSR2012-AC-OVS-H3 (0235A396) H3C RT-MSR2012-T-AC-OVS-H3 (0235A398) H3C RT-MSR2012-AC-OVS-W-H3 (0235A397) H3C RT-MSR2013-AC-OVS-W-H3 (0235A391) H3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V) H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)

MSR30 Russian version Fix in progress use mitigations JF229A HP MSR30-40 Router JF230A HP MSR30-60 Router JF235A HP MSR30-20 DC Router JF284A HP MSR30-20 Router JF287A HP MSR30-40 DC Router JF801A HP MSR30-60 DC Router JF802A HP MSR30-20 PoE Router JF803A HP MSR30-40 PoE Router JF804A HP MSR30-60 PoE Router H3C RT-MSR3040-AC-OVS-H (0235A299) H3C RT-MSR3060-AC-OVS-H3 (0235A320) H3C RT-MSR3020-DC-OVS-H3 (0235A267) H3C MSR 30-20 Router (0235A328) H3C MSR 30-40 Router Host(DC) (0235A268) H3C RT-MSR3060-DC-OVS-H3 (0235A269) H3C RT-MSR3020-AC-POE-OVS-H3 (0235A322) H3C RT-MSR3040-AC-POE-OVS-H3 (0235A323) H3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)

MSR30-1X Russian version Fix in progress use mitigations JF800A HP MSR30-11 Router JF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr JG182A HP MSR30-11E Router JG183A HP MSR30-11F Router JG184A HP MSR30-10 DC Router H3C RT-MSR3011-AC-OVS-H3 (0235A29L) H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)

MSR30-16 Russian version Fix in progress use mitigations JF233A HP MSR30-16 Router JF234A HP MSR30-16 PoE Router H3C RT-MSR3016-AC-OVS-H3 (0235A327) H3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)

MSR50 Russian version Fix in progress use mitigations JD433A HP MSR50-40 Router JD653A HP MSR50 Processor Module JD655A HP MSR50-40 Multi-Service Router JD656A HP MSR50-60 Multi-Service Router JF231A HP MSR50-60 Router JF285A HP MSR50-40 DC Router JF640A HP MSR50-60 Rtr Chassis w DC PwrSupply H3C MSR 50-40 Router (0235A297) H3C MSR 50 Processor Module (0231A791) H3C MSR 50-40 Chassis (0235A20N) H3C MSR 50-60 Chassis (0235A20L) H3C RT-MSR5060-AC-OVS-H3 (0235A298) H3C MSR5040-DC-OVS-H3C (0235A20P)

MSR50 G2 Russian version Fix in progress use mitigations JD429B HP MSR50 G2 Processor Module H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD (0231A0KL)

MSR9XX Fix in progress use mitigations JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr JG207A HP MSR900-W Router (NA) JG208A HP MSR920-W Router (NA) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)

MSR9XX Russian version Fix in progress use mitigations JF812A HP MSR900 Router JF813A HP MSR920 Router JF814A HP MSR900-W Router JF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX) H3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0) H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2) H3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)

MSR93X Fix in progress use mitigations JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

MSR93X Russian version Fix in progress use mitigations JG511A HP MSR930 Router JG512A HP MSR930 Wireless Router JG513A HP MSR930 3G Router JG514A HP MSR931 Router JG515A HP MSR931 3G Router JG516A HP MSR933 Router JG517A HP MSR933 3G Router JG518A HP MSR935 Router JG519A HP MSR935 Wireless Router JG520A HP MSR935 3G Router JG531A HP MSR931 Dual 3G Router JG596A HP MSR930 4G LTE/3G CDMA Router JG597A HP MSR936 Wireless Router JG665A HP MSR930 4G LTE/3G WCDMA Global Router JG704A HP MSR930 4G LTE/3G WCDMA ATT Router

MSR1000 Fix in progress use mitigations JG732A HP MSR1003-8 AC Router

MSR2000 Fix in progress use mitigations JG411A HP MSR2003 AC Router

MSR3000 Fix in progress use mitigations JG404A HP MSR3064 Router JG405A HP MSR3044 Router JG406A HP MSR3024 AC Router JG409A HP MSR3012 AC Router JG861A HP MSR3024 TAA-compliant AC Router

MSR4000 Fix in progress use mitigations JG402A HP MSR4080 Router Chassis JG403A HP MSR4060 Router Chassis JG412A HP MSR4000 MPU-100 Main Processing Unit

F5000 Fix in progress use mitigations JG216A HP F5000 Firewall Standalone Chassis JD259A HP A5000-A5 VPN Firewall Chassis H3C SecPath F5000-A5 Host System (0150A0AG)

U200S and CS Fix in progress use mitigations JD268A HP 200-CS UTM Appliance JD273A HP U200-S UTM Appliance H3C SecPath U200-S (0235A36N)

U200A and M Fix in progress use mitigations JD274A HP 200-M UTM Appliance JD275A HP U200-A UTM Appliance H3C SecPath U200-A (0235A36Q)

F1000A and S Fix in progress use mitigations JD270A HP S1000-S VPN Firewall Appliance JD271A HP S1000-A VPN Firewall Appliance JG213A HP F1000-S-EI VPN Firewall Appliance JG214A HP F1000-A-EI VPN Firewall Appliance

SecBlade FW Fix in progress use mitigations JC635A HP 12500 VPN Firewall Module JD245A HP 9500 VPN Firewall Module JD249A HP 10500/7500 Advanced VPN Firewall Mod JD250A HP 6600 Firewall Processing Rtr Module JD251A HP 8800 Firewall Processing Module JD255A HP 5820 VPN Firewall Module H3C S9500E SecBlade VPN Firewall Module (0231A0AV) H3C S7500E SecBlade VPN Firewall Module (0231A832) H3C SR66 Gigabit Firewall Module (0231A88A) H3C SR88 Firewall Processing Module (0231A88L) H3C S5820 SecBlade VPN Firewall Module (0231A94J)

F1000E Fix in progress use mitigations JD272A HP S1000-E VPN Firewall Appliance

VSR1000 Fix in progress use mitigations JG810AAE HP VSR1001 Virtual Services Router JG811AAE HP VSR1001 Virtual Services Router JG812AAE HP VSR1004 Virtual Services Router JG813AAE HP VSR1008 Virtual Services Router

WX5002/5004 Fix in progress use mitigations JD441A HP 5800 ACM for 64-256 APs JD447B HP WX5002 Access Controller JD448A HP A-WX5004 Access Controller JD448B HP WX5004 Access Controller JD469A HP A-WX5004 (3Com) Access Controller JG261A HP 5800 Access Controller OAA TAA Mod

HP 850/870 Fix in progress use mitigations JG723A HP 870 Unified Wired-WLAN Appliance JG725A HP 870 Unifd Wrd-WLAN TAA Applnc

HP 830 Fix in progress use mitigations JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch JG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch JG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch JG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch

HP 6000 Fix in progress use mitigations JG639A HP 10500/7500 20G Unified Wired-WLAN Mod JG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod

M220 Fix in progress use mitigations J9798A HP M220 802.11n AM Access Point J9799A HP M220 802.11n WW Access Point

NGFW Fix in progress use mitigations JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic JC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic JC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic JC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic JC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic

iMC UAM 7.0 Fix in progress use mitigations JD144A HP IMC UAM S/W Module w/200-User License JF388A HP IMC UAM S/W Module w/200-user License JD435A HP IMC EAD Client Software JF388AAE HP IMC UAM S/W Module w/200-user E-LTU JG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU

iMC EAD 7.0 Fix in progress use mitigations JF391AAE HP IMC EAD S/W Module w/200-user E-LTU JG754AAE HP IMC EAD SW Module w/ 50-user E-LTU JD147A HP IMC Endpoint Admission Defense Software Module with 200-user License JF391A HP IMC EAD S/W Module w/200-user License

iMC PLAT 7.0 Fix in progress use mitigations JF377AAE HP IMC Standard Edition Software Platform with 100-node E-LTU JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU JG747AAE HP IMC Standard Software Platform with 50-node E-LTU JG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU JD125A HP IMC Standard Edition Software Platform with 100-node License JD815A HP IMC Standard Edition Software Platform with 100-node License JD816A HP A-IMC Standard Edition Software DVD Media JF377A HP IMC Standard Edition Software Platform with 100-node License JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU TJ635AAE HP IMC for ANM 50 node pack SW E-LTU (On HP Softwares CPL not HPNs) JF378AAE HP IMC Enterprise Edition Software Platform with 200-Node E-LTU JG748AAE HP IMC Enterprise Software Platform with 50-node E-LTU JD126A HP A-IMC Enterprise Software Platform with 200-node License JD808A HP A-IMC Enterprise Software Platform with 200-node License JD814A HP A-IMC Enterprise Edition Software DVD Media JF378A HP IMC Enterprise Edition Software Platform with 200-node License JG546AAE HP IMC Basic SW Platform w/50-node E-LTU JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU JG550AAE HP PMM to IMC Bsc WLM Upgr w/150 AP E-LTU JG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU JG659AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU JG660AAE HP IMC Smart Connect w / WLAN Manager Virtual Appliance Edition E-LTU JG767AAE HP IMC Smart Connect with Wireless Service Manager Virtual Appliance Software E-LTU

HISTORY Version:1 (rev.1) - 20 June 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.

Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux)

iEYEARECAAYFAlOkrM4ACgkQ4B86/C0qfVn7/QCeK5T1H9dXfVQgIKSr5USqLmvq CtMAnjujH7e5aXfIOvxyyuB0FcSwIWCM =CEL7 -----END PGP SIGNATURE----- . OpenSSL is a 3rd party product that is embedded with some HP printer products. This bulletin notifies HP Printer customers about impacted products. To obtain the updated firmware, go to www.hp.com and follow these steps:

Select "Drivers & Software". Enter the appropriate product name listed in the table below into the search field. Click on "Search". Click on the appropriate product. Under "Select operating system" click on "Cross operating system (BIOS, Firmware, Diagnostics, etc.)" Note: If the "Cross operating system ..." link is not present, select applicable Windows operating system from the list. Select the appropriate firmware update under "Firmware".

Firmware Updates Table

Product Name Model Number Firmware Revision

HP Color LaserJet CM4540 MFP CC419A, CC420A, CC421A v 2302963_436067 (or higher)

HP Color LaserJet CP5525 CE707A,CE708A,CE709A v 2302963_436070 (or higher)

HP Color LaserJet Enterprise M750 D3L08A, D3L09A, D3L10A v 2302963_436077 (or higher)

HP Color LaserJet M651 CZ255A, CZ256A, CZ257A, CZ258A v 2302963_436073 (or higher)

HP Color LaserJet M680 CZ248A, CZ249A v 2302963_436072 (or higher)

HP Color LaserJet Flow M680 CZ250A, CA251A v 2302963_436072 (or higher)

HP LaserJet Enterprise 500 color MFP M575dn CD644A, CD645A v 2302963_436081 (or higher)

HP LaserJet Enterprise 500 MFP M525f CF116A, CF117A v 2302963_436069 (or higher)

HP LaserJet Enterprise 600 M601 Series CE989A, CE990A v 2302963_436082 (or higher)

HP LaserJet Enterprise 600 M602 Series CE991A, CE992A, CE993A v 2302963_436082 (or higher)

HP LaserJet Enterprise 600 M603 Series CE994A, CE995A, CE996A v 2302963_436082 (or higher)

HP LaserJet Enterprise MFP M630 series B3G84A, B3G85A, B3G86A, J7X28A v 2303714_233000041 (or higher)

HP LaserJet Enterprise 700 color M775 series CC522A, CC523A, CC524A, CF304A v 2302963_436079 (or higher)

HP LaserJet Enterprise 700 M712 series CF235A, CF236A, CF238A v 2302963_436080 (or higher)

HP LaserJet Enterprise 800 color M855 A2W77A, A2W78A, A2W79A v 2302963_436076 (or higher)

HP LaserJet Enterprise 800 color MFP M880 A2W76A, A2W75A, D7P70A, D7P71A v 2302963_436068 (or higher)

HP LaserJet Enterprise Color 500 M551 Series CF081A,CF082A,CF083A v 2302963_436083 (or higher)

HP LaserJet Enterprise color flow MFP M575c CD646A v 2302963_436081 (or higher)

HP LaserJet Enterprise flow M830z MFP CF367A v 2302963_436071 (or higher)

HP LaserJet Enterprise flow MFP M525c CF118A v 2302963_436069 (or higher)

HP LaserJet Enterprise M4555 MFP CE502A,CE503A, CE504A, CE738A v 2302963_436064 (or higher)

HP LaserJet Enterprise M806 CZ244A, CZ245A v 2302963_436075 (or higher)

HP LaserJet Enterprise MFP M725 CF066A, CF067A, CF068A, CF069A v 2302963_436078 (or higher)

HP Scanjet Enterprise 8500 Document Capture Workstation L2717A, L2719A v 2302963_436065 (or higher)

OfficeJet Enterprise Color MFP X585 B5L04A, B5L05A,B5L07A v 2302963_436066 (or higher)

OfficeJet Enterprise Color X555 C2S11A, C2S12A v 2302963_436074 (or higher)

HP Color LaserJet CP3525 CC468A, CC469A, CC470A, CC471A v 06.183.1 (or higher)

HP LaserJet M4345 Multifunction Printer CB425A, CB426A, CB427A, CB428A v 48.306.1 (or higher)

HP LaserJet M5025 Multifunction Printer Q7840A v 48.306.1 (or higher)

HP Color LaserJet CM6040 Multifunction Printer Q3938A, Q3939A v 52.256.1 (or higher)

HP Color LaserJet Enterprise CP4525 CC493A, CC494A, CC495A v 07.164.1 (or higher)

HP Color LaserJet Enterprise CP4025 CC489A, CC490A v 07.164.1 (or higher)

HP LaserJet M5035 Multifunction Printer Q7829A, Q7830A, Q7831A v 48.306.1 (or higher)

HP LaserJet M9050 Multifunction Printer CC395A v 51.256.1 (or higher)

HP LaserJet M9040 Multifunction Printer CC394A v 51.256.1 (or higher)

HP Color LaserJet CM4730 Multifunction Printer CB480A, CB481A, CB482A, CB483A v 50.286.1 (or higher)

HP LaserJet M3035 Multifunction Printer CB414A, CB415A, CC476A, CC477A v 48.306.1 (or higher)

HP 9250c Digital Sender CB472A v 48.293.1 (or higher)

HP LaserJet Enterprise P3015 CE525A,CE526A,CE527A,CE528A,CE595A v 07.186.1 (or higher)

HP LaserJet M3027 Multifunction Printer CB416A, CC479A v 48.306.1 (or higher)

HP LaserJet CM3530 Multifunction Printer CC519A, CC520A v 53.236.1 (or higher)

HP Color LaserJet CP6015 Q3931A, Q3932A, Q3933A, Q3934A, Q3935A v 04.203.1 (or higher)

HP LaserJet P4515 CB514A,CB515A, CB516A, CB517A v 04.213.1 (or higher)

HP Color LaserJet CM6030 Multifunction Printer CE664A, CE665A v 52.256.1 (or higher)

HP LaserJet P4015 CB509A, CB526A, CB511A, CB510A v 04.213.1 (or higher)

HP LaserJet P4014 CB507A, CB506A, CB512A v 04.213.1 (or higher)

HISTORY Version:1 (rev.1) - 22 September 2014 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0445",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "jboss enterprise application platform",
            scope: "eq",
            trust: 1.3,
            vendor: "redhat",
            version: "6.2.3",
         },
         {
            model: "jboss enterprise web server",
            scope: "eq",
            trust: 1.3,
            vendor: "redhat",
            version: "2.0.1",
         },
         {
            model: "jboss enterprise web platform",
            scope: "eq",
            trust: 1.3,
            vendor: "redhat",
            version: "5.2.0",
         },
         {
            model: "power",
            scope: "eq",
            trust: 1.2,
            vendor: "ibm",
            version: "7200",
         },
         {
            model: "powerlinux 7r2",
            scope: "eq",
            trust: 1.2,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "openssl",
            scope: "lt",
            trust: 1,
            vendor: "openssl",
            version: "0.9.8za",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "6.0",
         },
         {
            model: "rox",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "1.16.1",
         },
         {
            model: "openssl",
            scope: "lt",
            trust: 1,
            vendor: "openssl",
            version: "1.0.0m",
         },
         {
            model: "openssl",
            scope: "gte",
            trust: 1,
            vendor: "openssl",
            version: "1.0.0",
         },
         {
            model: "openssl",
            scope: "gte",
            trust: 1,
            vendor: "openssl",
            version: "1.0.1",
         },
         {
            model: "opensuse",
            scope: "eq",
            trust: 1,
            vendor: "opensuse",
            version: "13.1",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "20",
         },
         {
            model: "application processing engine",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "2.0.2",
         },
         {
            model: "python",
            scope: "lt",
            trust: 1,
            vendor: "python",
            version: "3.4.2",
         },
         {
            model: "s7-1500",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "1.6",
         },
         {
            model: "jboss enterprise application platform",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "5.2.0",
         },
         {
            model: "node.js",
            scope: "lt",
            trust: 1,
            vendor: "nodejs",
            version: "0.10.29",
         },
         {
            model: "python",
            scope: "lt",
            trust: 1,
            vendor: "python",
            version: "2.7.8",
         },
         {
            model: "server",
            scope: "lt",
            trust: 1,
            vendor: "filezilla",
            version: "0.9.45",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "5",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "19",
         },
         {
            model: "storage",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "2.1",
         },
         {
            model: "python",
            scope: "gte",
            trust: 1,
            vendor: "python",
            version: "3.4.0",
         },
         {
            model: "mariadb",
            scope: "lt",
            trust: 1,
            vendor: "mariadb",
            version: "10.0.13",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "4",
         },
         {
            model: "cp1543-1",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "1.1.25",
         },
         {
            model: "openssl",
            scope: "lt",
            trust: 1,
            vendor: "openssl",
            version: "1.0.1h",
         },
         {
            model: "mariadb",
            scope: "gte",
            trust: 1,
            vendor: "mariadb",
            version: "10.0.0",
         },
         {
            model: "python",
            scope: "gte",
            trust: 1,
            vendor: "python",
            version: "2.7.0",
         },
         {
            model: "opensuse",
            scope: "eq",
            trust: 1,
            vendor: "opensuse",
            version: "13.2",
         },
         {
            model: "power",
            scope: "eq",
            trust: 0.9,
            vendor: "ibm",
            version: "7100",
         },
         {
            model: "power",
            scope: "eq",
            trust: 0.9,
            vendor: "ibm",
            version: "7400",
         },
         {
            model: "powerlinux 7r1",
            scope: "eq",
            trust: 0.9,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "bladecenter advanced management module 3.66e",
            scope: null,
            trust: 0.9,
            vendor: "ibm",
            version: null,
         },
         {
            model: "junos 12.1x44-d20",
            scope: null,
            trust: 0.9,
            vendor: "juniper",
            version: null,
         },
         {
            model: "power express",
            scope: "eq",
            trust: 0.9,
            vendor: "ibm",
            version: "5200",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "10.4",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "11.4",
         },
         {
            model: "junos 11.4r9",
            scope: null,
            trust: 0.6,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "13.3",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "12.3",
         },
         {
            model: "power",
            scope: "eq",
            trust: 0.6,
            vendor: "ibm",
            version: "7700",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "10.1",
         },
         {
            model: "one-x mobile sip for ios",
            scope: "eq",
            trust: 0.6,
            vendor: "avaya",
            version: "6.2.2",
         },
         {
            model: "one-x mobile sip for ios",
            scope: "eq",
            trust: 0.6,
            vendor: "avaya",
            version: "6.2.5",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "10.0",
         },
         {
            model: "power",
            scope: "eq",
            trust: 0.6,
            vendor: "ibm",
            version: "5700",
         },
         {
            model: "power",
            scope: "eq",
            trust: 0.6,
            vendor: "ibm",
            version: "7800",
         },
         {
            model: "power",
            scope: "eq",
            trust: 0.6,
            vendor: "ibm",
            version: "7300",
         },
         {
            model: "power",
            scope: "eq",
            trust: 0.6,
            vendor: "ibm",
            version: "7500",
         },
         {
            model: "junos 10.4s15",
            scope: null,
            trust: 0.6,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "12.1x45",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "12.1",
         },
         {
            model: "junos 13.2r2",
            scope: null,
            trust: 0.6,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos 10.4r15",
            scope: null,
            trust: 0.6,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "11.1",
         },
         {
            model: "one-x mobile sip for ios",
            scope: "eq",
            trust: 0.6,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "one-x mobile sip for ios",
            scope: "eq",
            trust: 0.6,
            vendor: "avaya",
            version: "6.2.3",
         },
         {
            model: "junos 13.3r1",
            scope: null,
            trust: 0.6,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos 10.4s",
            scope: null,
            trust: 0.6,
            vendor: "juniper",
            version: null,
         },
         {
            model: "one-x mobile sip for ios",
            scope: "eq",
            trust: 0.6,
            vendor: "avaya",
            version: "6.2.4",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "12.2",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "11.2",
         },
         {
            model: "one-x mobile sip for ios",
            scope: "eq",
            trust: 0.6,
            vendor: "avaya",
            version: "6.2.1",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "10.2",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "11.4x27",
         },
         {
            model: "junos 11.4r8",
            scope: null,
            trust: 0.6,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos 10.4r16",
            scope: null,
            trust: 0.6,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos 12.1x45-d10",
            scope: null,
            trust: 0.6,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "12.1x44",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "13.1",
         },
         {
            model: "junos 12.1r7",
            scope: null,
            trust: 0.6,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.6,
            vendor: "juniper",
            version: "10.3",
         },
         {
            model: "openssl",
            scope: "eq",
            trust: 0.6,
            vendor: "openssl",
            version: "0.9.8k",
         },
         {
            model: "openssl",
            scope: "eq",
            trust: 0.6,
            vendor: "openssl",
            version: "0.9.8j",
         },
         {
            model: "openssl",
            scope: "eq",
            trust: 0.6,
            vendor: "openssl",
            version: "1.0.1",
         },
         {
            model: "openssl",
            scope: "eq",
            trust: 0.6,
            vendor: "openssl",
            version: "0.9.8p",
         },
         {
            model: "openssl",
            scope: "eq",
            trust: 0.6,
            vendor: "openssl",
            version: "0.9.8n",
         },
         {
            model: "openssl",
            scope: "eq",
            trust: 0.6,
            vendor: "openssl",
            version: "0.9.8q",
         },
         {
            model: "openssl",
            scope: "eq",
            trust: 0.6,
            vendor: "openssl",
            version: "0.9.8m",
         },
         {
            model: "openssl",
            scope: "eq",
            trust: 0.6,
            vendor: "openssl",
            version: "0.9.8l",
         },
         {
            model: "openssl",
            scope: "eq",
            trust: 0.6,
            vendor: "openssl",
            version: "0.9.8o",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "0.9.110.6",
         },
         {
            model: "storevirtual 1tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433011.5",
         },
         {
            model: "power ps702",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "cloudplatform",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.30",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.3.3",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.0.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.117",
         },
         {
            model: "junos d30",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.1x45",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.112",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.46",
         },
         {
            model: "chrome for android",
            scope: "ne",
            trust: 0.3,
            vendor: "google",
            version: "35.0.1916.141",
         },
         {
            model: "big-ip psm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.4.1",
         },
         {
            model: "fortigate",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.6",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.1.6",
         },
         {
            model: "integration bus",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.0.0.0",
         },
         {
            model: "tandberg mxp",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "8800",
         },
         {
            model: "enterprise linux server",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.18",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.9.1",
         },
         {
            model: "oncommand performance manager",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5600v210.1",
         },
         {
            model: "nexus series switches",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "90000",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.10",
         },
         {
            model: "idataplex dx360 m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "79120",
         },
         {
            model: "big-ip psm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.155",
         },
         {
            model: "laserjet pro color printer m251n/nw cf147a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "20020140919",
         },
         {
            model: "horizon view feature pack",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.3",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.5",
         },
         {
            model: "systems director storage control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.1.0",
         },
         {
            model: "arubaos",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "6.4",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.6.1",
         },
         {
            model: "cp1543-1",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "0",
         },
         {
            model: "computer telephony integration object server",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "junos 12.1r",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "malware analysis appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "4.2.2",
         },
         {
            model: "vsphere virtual disk development kit",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.1",
         },
         {
            model: "fortimanager",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.7",
         },
         {
            model: "laserjet p2055 printer series ce460a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "20141201",
         },
         {
            model: "rational tau",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.35",
         },
         {
            model: "ace application control engine module",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "datafort e-series",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "system type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x3690x571471.43",
         },
         {
            model: "family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "3100v2-480",
         },
         {
            model: "i v5r3",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.1",
         },
         {
            model: "junos 11.4r11",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "proventia network security controller",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.470",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.5.4",
         },
         {
            model: "security analytics platform",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.6.10",
         },
         {
            model: "junos 12.1x46-d25",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "big-ip ltm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.1",
         },
         {
            model: "project openssl 1.0.0g",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "junos space ja1500 appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.1.3",
         },
         {
            model: "system type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x3850x571431.43",
         },
         {
            model: "clustered data ontap antivirus connector",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.3",
         },
         {
            model: "laserjet printer series q7543a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "52008.241",
         },
         {
            model: "proxyav",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "3.5",
         },
         {
            model: "laserjet enterprise flow mfp m525c cf118a 2302963 436069",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.20",
         },
         {
            model: "fortios b0537",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.8",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.06",
         },
         {
            model: "big-ip apm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5.0",
         },
         {
            model: "laserjet enterprise m806 cz244a 2302963 436075",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 0.3,
            vendor: "winscp",
            version: "5.1.3",
         },
         {
            model: "esxi",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.1",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.0",
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.4.1",
         },
         {
            model: "9.1-release-p15",
            scope: "ne",
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "laserjet enterprise color m775 series cf304a 2302963 436079",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "700",
         },
         {
            model: "fortirecorder",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "1.4.2",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.00",
         },
         {
            model: "openvpn",
            scope: "eq",
            trust: 0.3,
            vendor: "openvpn",
            version: "2.3.3",
         },
         {
            model: "linux i386",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "rational build forge",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.0.1",
         },
         {
            model: "solaris",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "9",
         },
         {
            model: "upward integration modules for vmware vsphere",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.0.1",
         },
         {
            model: "aura communication manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "content analysis system software",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.1.2.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.11",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.32",
         },
         {
            model: "laserjet enterprise mfp m525f cf117a 2302963 436069",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "500",
         },
         {
            model: "laserjet enterprise color m775 series cc522a 2302963 436079",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "700",
         },
         {
            model: "rational insight",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.1.1",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.15",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.1.7",
         },
         {
            model: "secure analytics 2013.2r8",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "storevirtual 450gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.6",
         },
         {
            model: "vpn client v100r001c02spc702",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "laserjet enterprise color mfp m880 d7p70a 2302963 436068",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "800",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.6",
         },
         {
            model: "laserjet pro color mfp m276n/nw cf145a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "20020140919",
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "9.1.100.3",
         },
         {
            model: "api management",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.0",
         },
         {
            model: "laserjet m9050 multifunction printer cc395a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "cacheflow",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "3.2",
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x310025820",
         },
         {
            model: "chrome for android",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "34.0",
         },
         {
            model: "junos 13.1r1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "oneview",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "1.0",
         },
         {
            model: "integrity superdome and hp converged system for sap hana",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "x9005.50.12",
         },
         {
            model: "asset manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "5.20",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.3",
         },
         {
            model: "algo one",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.8",
         },
         {
            model: "service delivery manager",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.2.1",
         },
         {
            model: "sdn for virtual environments",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.2",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "5.0.2",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "big-ip edge gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.3.5",
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0.2",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 0.3,
            vendor: "winscp",
            version: "5.5.1",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "31005.1.2",
         },
         {
            model: "manageone v100r002c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3.1",
         },
         {
            model: "tivoli composite application manager for transactions",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.0",
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.1",
         },
         {
            model: "tivoli endpoint manager for remote control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.2.1",
         },
         {
            model: "power express",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7400",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.38",
         },
         {
            model: "tivoli workload scheduler distributed ga level",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.2.0",
         },
         {
            model: "snapprotect",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "junos r8-s2",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.34",
         },
         {
            model: "linux sparc",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "color laserjet enterprise cp4525 cc495a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "10.0-release-p1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.49",
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.6",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "8.0.552.342",
         },
         {
            model: "aura experience portal",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.0",
         },
         {
            model: "oneview",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "1.10",
         },
         {
            model: "laserjet enterprise mfp m725 cf069a 2302963 436078",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.53",
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "7.0.1",
         },
         {
            model: "storevirtual vsa software",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "12.6",
         },
         {
            model: "prime access registrar appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "systems insight manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.2.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.48",
         },
         {
            model: "nvp",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "3.2.2",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.1.1",
         },
         {
            model: "algo one",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.7",
         },
         {
            model: "database and middleware automation",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "10.0",
         },
         {
            model: "tivoli netcool/system service monitor fp11",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "storevirtual 600gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.0",
         },
         {
            model: "cognos business intelligence server",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.2.1",
         },
         {
            model: "big-ip ltm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5.1",
         },
         {
            model: "tekelec hlr router",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0",
         },
         {
            model: "big-ip webaccelerator",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.0",
         },
         {
            model: "open systems snapvault agent",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "ip office application server",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "8.0",
         },
         {
            model: "agile controller v100r001c00spc200",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "web security gateway anywhere",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.7",
         },
         {
            model: "laserjet p4515 cb515a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.203.1",
         },
         {
            model: "laserjet pro mfp m425dn/dw cf286a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "40020140919",
         },
         {
            model: "laserjet enterprise m712 series cf236a 2302963 436080",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "700",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.49",
         },
         {
            model: "project openssl 1.0.0h",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "mds switches",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "smart update manager for linux",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "5.3.5",
         },
         {
            model: "idol speech software",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "client applications",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.3",
         },
         {
            model: "tivoli composite application manager for transactions",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.2.0",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.1",
         },
         {
            model: "network connect",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.5.0.16091",
         },
         {
            model: "laserjet enterprise color m551 series cf082a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "5000",
         },
         {
            model: "sterling connect:express for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.4.6",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.9.8",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.124",
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.10",
         },
         {
            model: "enterprise manager",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "2.1",
         },
         {
            model: "telepresence tx series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "90000",
         },
         {
            model: "director",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "5.5.2",
         },
         {
            model: "ftp server",
            scope: "eq",
            trust: 0.3,
            vendor: "cerberus",
            version: "7.0.0.2",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.2.2",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.32",
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.2",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.14",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.211",
         },
         {
            model: "laserjet enterprise mfp m725 cf066a 2302963 436078",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.40",
         },
         {
            model: "websphere mq",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "5.3.1.10",
         },
         {
            model: "cognos business intelligence server",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.1",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "5.0",
         },
         {
            model: "wx5002/5004 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "big-ip analytics",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.1",
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.1.0",
         },
         {
            model: "netscaler 9.3.e",
            scope: null,
            trust: 0.3,
            vendor: "citrix",
            version: null,
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.71",
         },
         {
            model: "laserjet m9040 multifunction printer cc394a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "51.256.1",
         },
         {
            model: "updatexpress system packs installer",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "9.61",
         },
         {
            model: "usg5000 v300r001c10sph201",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.46",
         },
         {
            model: "snapdrive for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.0",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.1.3",
         },
         {
            model: "cognos metrics manager",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.1",
         },
         {
            model: "junos space 13.3r1.8",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "proxyav",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "3.4",
         },
         {
            model: "project openssl 0.9.8y",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "enterprise communications broker pcz2.0.0m4p5",
            scope: null,
            trust: 0.3,
            vendor: "oracle",
            version: null,
         },
         {
            model: "sparc enterprise m4000 xcp",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "1118",
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "10.1",
         },
         {
            model: "aura application server sip core pb23",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "53002.0",
         },
         {
            model: "vsr1000 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.33",
         },
         {
            model: "asg2000 v100r001c10sph001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "chrome os beta",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "0.9.130.14",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.10",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.1.14",
         },
         {
            model: "wireless lan controller",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.16",
         },
         {
            model: "junos r4-s2",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: "13.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "0.9.128.3",
         },
         {
            model: "virtuozzo containers for linux",
            scope: "eq",
            trust: 0.3,
            vendor: "parallels",
            version: "4.6",
         },
         {
            model: "laserjet p4015 cb526a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "client applications",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3",
         },
         {
            model: "laserjet enterprise mfp m630 series j7x28a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "big-ip apm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5.1",
         },
         {
            model: "laserjet p3005 printer series q7813a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "2.190.3",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.0.0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.9.4",
         },
         {
            model: "vsphere virtual disk development kit",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.0",
         },
         {
            model: "infosphere master data management",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "11.0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.24",
         },
         {
            model: "vsm v200r002c00spc503",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.37",
         },
         {
            model: "10.0-stable",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "systems insight manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.3.1",
         },
         {
            model: "initiate master data service",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.1",
         },
         {
            model: "power",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "710/7300",
         },
         {
            model: "vdi-in-a-box",
            scope: "ne",
            trust: 0.3,
            vendor: "citrix",
            version: "5.3.8",
         },
         {
            model: "fortiauthenticator",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "3.0",
         },
         {
            model: "message networking",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2.3",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.08",
         },
         {
            model: "airwave",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "7.4",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "3.1.4",
         },
         {
            model: "server",
            scope: "eq",
            trust: 0.3,
            vendor: "parallels",
            version: "0",
         },
         {
            model: "nextscale nx360 m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "54550",
         },
         {
            model: "storevirtual fc 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.5",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.52",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.110",
         },
         {
            model: "network connect 8.0r3.1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "flex system chassis management module",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "big-ip psm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.1",
         },
         {
            model: "nexus series switches",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "30000",
         },
         {
            model: "tandberg codian isdn gw",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "32200",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.95",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.8",
         },
         {
            model: "linux ia-64",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "enterprise manager ops center",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "12.1.4",
         },
         {
            model: "security access manager for web appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0",
         },
         {
            model: "s5900 v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "esxi",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.0",
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.6",
         },
         {
            model: "watson explorer",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.0.0",
         },
         {
            model: "p2000 g3 msa array system ts251p006",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "documentum content server p05",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "7.1",
         },
         {
            model: "laserjet printer series q5404a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "42508.250.2",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.0.5",
         },
         {
            model: "jabber video for telepresence",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "security network intrusion prevention system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.5",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.1.2",
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.5",
         },
         {
            model: "flex system p270",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7954-24x)0",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.04",
         },
         {
            model: "storevirtual 600gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.0",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.0.10",
         },
         {
            model: "laserjet p4015 cb509a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "mac os",
            scope: "ne",
            trust: 0.3,
            vendor: "apple",
            version: "x10.9.5",
         },
         {
            model: "storevirtual fc 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.5",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 0.3,
            vendor: "winscp",
            version: "5.1.2",
         },
         {
            model: "tivoli workload scheduler distributed fp05",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.5.1",
         },
         {
            model: "tivoli workload scheduler distributed fp01",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.1.0",
         },
         {
            model: "data ontap smi-s agent",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1.1",
         },
         {
            model: "endeca information discovery studio",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.1",
         },
         {
            model: "snapdrive for windows",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.1",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.18",
         },
         {
            model: "big-iq device",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.3",
         },
         {
            model: "10.0-rc3-p1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "cacheflow",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "3.3",
         },
         {
            model: "infosphere master data management provider hub",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.0",
         },
         {
            model: "storevirtual 600gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453011.5",
         },
         {
            model: "one-x communicator for mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "x1.0.5",
         },
         {
            model: "laserjet m5035 multifunction printer q7829a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "initiate master data service",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.7",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.38",
         },
         {
            model: "telepresence server on multiparty media",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3200",
         },
         {
            model: "s2750&s5700&s6700 v100r006",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "8.0-release",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "director",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "5.5.2.3",
         },
         {
            model: "linerate",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "1.6.1",
         },
         {
            model: "storevirtual 3tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.0",
         },
         {
            model: "laserjet enterprise m602 series ce992a 2302963 436082",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "600",
         },
         {
            model: "fortiwifi",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.8",
         },
         {
            model: "laserjet enterprise m712 series cf238a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7000",
         },
         {
            model: "ssl for openvms",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "1.4-453",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "5.0",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1.1.4",
         },
         {
            model: "junos 12.1r8-s3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "security network intrusion prevention system gx5208-v2",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "aura presence services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.2",
         },
         {
            model: "blackberry enterprise service",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.1.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "8.0.552.344",
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x375087220",
         },
         {
            model: "9.2-release-p7",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "content analysis system software",
            scope: "ne",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.1.5.5",
         },
         {
            model: "fortimail",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.5",
         },
         {
            model: "junos 12.1x46-d10",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "sparc enterprise m9000 xcp",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "1117",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.14",
         },
         {
            model: "advanced settings utility",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.60",
         },
         {
            model: "big-ip analytics",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.0.0",
         },
         {
            model: "websphere datapower xml accelerator xa35",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.0.0.7",
         },
         {
            model: "(comware family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "12500v7)0",
         },
         {
            model: "automation stratix",
            scope: "ne",
            trust: 0.3,
            vendor: "rockwell",
            version: "590015.6.3",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.0.5",
         },
         {
            model: "rational insight",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.11",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.50",
         },
         {
            model: "storwize",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "v5000-",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.72",
         },
         {
            model: "nexus series fabric extenders",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "20000",
         },
         {
            model: "intelligencecenter",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "3.2",
         },
         {
            model: "project openssl 1.0.1f",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "strm 2012.1r8",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "storevirtual 600gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "413012.0",
         },
         {
            model: "financial services lending and leasing",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "14.2",
         },
         {
            model: "big-ip apm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.0",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.3.2",
         },
         {
            model: "fortimail build",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.8546",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.55",
         },
         {
            model: "rational reporting for development intelligence",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.0.5",
         },
         {
            model: "documentum content server p02",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "7.1",
         },
         {
            model: "player",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "9.0.3",
         },
         {
            model: "sbr global enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "0",
         },
         {
            model: "color laserjet printer series q7533a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "300046.80.2",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.10",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.19",
         },
         {
            model: "upward integration modules for microsoft system center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.0.1",
         },
         {
            model: "power ps700",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "bcaaa",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "5.5",
         },
         {
            model: "big-ip webaccelerator",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.1",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 0.3,
            vendor: "winscp",
            version: "5.1.7",
         },
         {
            model: "communicator for android",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "2.0",
         },
         {
            model: "laserjet enterprise m712 series cf235a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7000",
         },
         {
            model: "color laserjet cp5525 ce708a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.12",
         },
         {
            model: "desktop collaboration experience dx650",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "aura application server sip core pb28",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "53002.0",
         },
         {
            model: "oncommand workflow automation",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "3.0",
         },
         {
            model: "automation stratix",
            scope: "eq",
            trust: 0.3,
            vendor: "rockwell",
            version: "59000",
         },
         {
            model: "linux amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.00",
         },
         {
            model: "storevirtual hybrid storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433511.5",
         },
         {
            model: "communicator for android",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "2.0.2",
         },
         {
            model: "client applications",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.48",
         },
         {
            model: "telepresence system series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "30000",
         },
         {
            model: "content analysis system software",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.1.5.2",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "11.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.41",
         },
         {
            model: "secure global desktop",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.63",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.9",
         },
         {
            model: "secure analytics 2014.2r2",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "color laserjet cm4540 mfp cc421a 2302963 436067",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "tivoli workload scheduler for applications fp02",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.4",
         },
         {
            model: "clustered data ontap antivirus connector",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "storevirtual hybrid san solution",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.5",
         },
         {
            model: "color laserjet cp6015 q3934a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.203.1",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2.5",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "41005.1.21",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.6",
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.0",
         },
         {
            model: "storevirtual vsa software",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "12.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.24",
         },
         {
            model: "telepresence ip gateway series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "ape",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "2.0",
         },
         {
            model: "junos 12.1r10",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "flex system en2092 1gb ethernet scalable switch",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.8.4.0",
         },
         {
            model: "p2000 g3 msa array system ts251p005",
            scope: null,
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "idol software",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.8",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.1",
         },
         {
            model: "smart update manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6.3.0",
         },
         {
            model: "open systems snapvault 3.0.1p6",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "key",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "0",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "51005.2",
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.3.0.5",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.14",
         },
         {
            model: "laserjet p4515 cb515a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.213.1",
         },
         {
            model: "worklight",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.1.0.0",
         },
         {
            model: "tivoli netcool/system service monitor fp13",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "laserjet enterprise color m775 series cc523a 2302963 436079",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "700",
         },
         {
            model: "9.3-beta1-p1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.01",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.11",
         },
         {
            model: "idp",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "0",
         },
         {
            model: "secure global desktop",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.1",
         },
         {
            model: "power 780",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "watson explorer security",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.1",
         },
         {
            model: "security network intrusion prevention system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.6",
         },
         {
            model: "power express f/c",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "52056340",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.53",
         },
         {
            model: "tandberg mxp",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "7700",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "9.4",
         },
         {
            model: "junos 12.2r6",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.7",
         },
         {
            model: "u200s and cs family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "client applications",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "2.0",
         },
         {
            model: "security threat response manager 2013.2r8",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "28.0.1500.71",
         },
         {
            model: "pulse desktop 5.0r4.1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.2",
         },
         {
            model: "cloudburst",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.2",
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.3",
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "413012.0",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.3.2",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.3.7",
         },
         {
            model: "epolicy orchestrator",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "4.6.1",
         },
         {
            model: "winscp",
            scope: "ne",
            trust: 0.3,
            vendor: "winscp",
            version: "5.5.4",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.04",
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.3",
         },
         {
            model: "nexus series switches",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "50000",
         },
         {
            model: "enterprise session border controller ecz7.3m2p2",
            scope: null,
            trust: 0.3,
            vendor: "oracle",
            version: null,
         },
         {
            model: "integrated management module ii",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "4.02",
         },
         {
            model: "epolicy orchestrator",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "4.6.6",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "0",
         },
         {
            model: "laserjet m3035 multifunction printer cc476a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "hsr6800 russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.1",
         },
         {
            model: "management center",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.3",
         },
         {
            model: "color laserjet m651 cz258a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.3",
         },
         {
            model: "aura session manager sp2",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2",
         },
         {
            model: "switch series (comware",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "10500v5)0",
         },
         {
            model: "ddos secure",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: "5.14.1-1",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "3.4.1",
         },
         {
            model: "9.3-beta1-p2",
            scope: "ne",
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "image construction and composition tool",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.1.3",
         },
         {
            model: "video surveillance series ip cameras",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "60000",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3.2",
         },
         {
            model: "vsm v200r002c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.1",
         },
         {
            model: "junos 12.2r3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "message networking sp3",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2",
         },
         {
            model: "officejet enterprise color mfp b5l05a 2302963 436066",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "x585",
         },
         {
            model: "color laserjet cm4540 mfp cc420a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "dgs-1210-52",
            scope: "eq",
            trust: 0.3,
            vendor: "d link",
            version: "4.00.025",
         },
         {
            model: "ngfw family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "powervu d9190 comditional access manager",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "storevirtual 3tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453011.5",
         },
         {
            model: "integrated management module ii",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "4.31",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.57",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "11.3",
         },
         {
            model: "msr9xx russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "i v5r3",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1",
         },
         {
            model: "junos 12.3r4-s3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.14",
         },
         {
            model: "ssl vpn",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "8.0",
         },
         {
            model: "10.0-release-p2",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.9.3",
         },
         {
            model: "malware analysis appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "4.1.1",
         },
         {
            model: "ive os 7.4r11.1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "flex system p260",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7895-23x)0",
         },
         {
            model: "laserjet enterprise m806 cz244a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "usage meter",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "3.3",
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "6.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.73",
         },
         {
            model: "security network intrusion prevention system gx5008",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "storevirtual china hybrid storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.5",
         },
         {
            model: "softco v200r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "proxyav",
            scope: "ne",
            trust: 0.3,
            vendor: "bluecoat",
            version: "3.4.2.7",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.3",
         },
         {
            model: "s2700&s3700 v100r006c05+v100r06h",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.56",
         },
         {
            model: "horizon mirage edge gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "4.4.2",
         },
         {
            model: "oceanstor s6800t v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "iq",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.1.1",
         },
         {
            model: "storevirtual 4tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.6",
         },
         {
            model: "virtuozzo containers for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "parallels",
            version: "4.6",
         },
         {
            model: "storevirtual 900gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.5",
         },
         {
            model: "junos 12.1x44-d25",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "color laserjet cm4730 multifunction printer cb480a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.54",
         },
         {
            model: "sbr enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "0",
         },
         {
            model: "laserjet enterprise p3015 ce527a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "telepresence mcu series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "flex system fabric cn4093 10gb converged scalable switch",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.8.4.0",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0.3.9.3",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.8",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.014",
         },
         {
            model: "asg2000 v100r001c10",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.154",
         },
         {
            model: "idp 5.1r4",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "security network intrusion prevention system gx4004",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security network intrusion prevention system gv1000",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "nac manager",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "splunk",
            scope: "ne",
            trust: 0.3,
            vendor: "splunk",
            version: "6.0.4",
         },
         {
            model: "aura communication manager utility services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "smc2.0 v100r002c01b017sp17",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "463012.6",
         },
         {
            model: "laserjet cm3530 multifunction printer cc519a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "53.236.1",
         },
         {
            model: "laserjet pro color mfp m276n/nw cf144a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "20020140919",
         },
         {
            model: "switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "58000",
         },
         {
            model: "color laserjet cm4730 multifunction printer cb481a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "email appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "sophos",
            version: "3.7.0.0",
         },
         {
            model: "email security gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.8.3",
         },
         {
            model: "junos os 12.1x46-d20",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "player",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "10.0.2",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.0.10",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.43",
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.13",
         },
         {
            model: "junos 12.2r4",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "one-x communicator for mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "x1.0.4",
         },
         {
            model: "network connect 7.4r5",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "msa storage gl200r007",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "1040",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 0.3,
            vendor: "winscp",
            version: "5.1.4",
         },
         {
            model: "tivoli workload scheduler distributed",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.10",
         },
         {
            model: "unified ip phone",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "89450",
         },
         {
            model: "rox",
            scope: "ne",
            trust: 0.3,
            vendor: "siemens",
            version: "11.16.1",
         },
         {
            model: "icewall sso dfw",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "10.0",
         },
         {
            model: "usg2000 v300r001c10sph201",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "laserjet p4014 cb506a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.0",
         },
         {
            model: "arubaos",
            scope: "ne",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "6.3.1.8",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "4.0",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.6",
         },
         {
            model: "system x3500m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "73801.42",
         },
         {
            model: "licensing",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "0",
         },
         {
            model: "ive os",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "8.0",
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x325025830",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.53",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.0.9",
         },
         {
            model: "fortimail",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.1.2",
         },
         {
            model: "version control repository manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.3.3",
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.5",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.3.0",
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5.1",
         },
         {
            model: "storevirtual 600gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.5",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "2.1.5",
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.00",
         },
         {
            model: "service delivery manager",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.2.2",
         },
         {
            model: "enterprise content management system monitor",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1",
         },
         {
            model: "storevirtual 900gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.5",
         },
         {
            model: "switch series (comware",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "10500v7)0",
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.3.2.6",
         },
         {
            model: "idol image server",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "10.7",
         },
         {
            model: "ecns600 v100r002c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "espace u19** v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "project openssl 1.0.0c",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "sbr carrier",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.5",
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.1.0",
         },
         {
            model: "spa112 2-port phone adapter",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "cloudplatform",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.2.1-x",
         },
         {
            model: "watson explorer security",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.0",
         },
         {
            model: "laserjet enterprise color m551 series cf081a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "5000",
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "9.0",
         },
         {
            model: "universal small cell series software",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "70003.4.20",
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6.2",
         },
         {
            model: "oceanstor s5600t v100r005c30spc100",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "9.0--releng",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "laserjet enterprise color m855 a2w78a 2302963 436076",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "800",
         },
         {
            model: "one-x communicator for mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "x1.0.2",
         },
         {
            model: "color laserjet printer series q5984a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "380046.80.8",
         },
         {
            model: "simatic cp1543-1",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "1.1",
         },
         {
            model: "power express f/c",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "52056330",
         },
         {
            model: "color laserjet cp5525 ce707a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "9.0-releng",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "system dx360m2 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "73231.42",
         },
         {
            model: "storevirtual china hybrid san solution",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.5",
         },
         {
            model: "psb email and server security",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "10.00",
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "9.3-66.5",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.23",
         },
         {
            model: "laserjet p4014 cb507a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.213.1",
         },
         {
            model: "bladecenter js43 with feature code",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7778-23x8446)0",
         },
         {
            model: "toolscenter suite",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "9.53",
         },
         {
            model: "unified communications series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "5000",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.18",
         },
         {
            model: "junos space 11.4r5.5",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "system storage ts2900 tape library",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0026",
         },
         {
            model: "junos 12.1r7-s1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "8.4-release-p12",
            scope: "ne",
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "netcool/system service monitor fix pack",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.014",
         },
         {
            model: "exalogic",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "x2-22.0.6.2.0",
         },
         {
            model: "color laserjet m680 cz248a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "bbm for android",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.46",
         },
         {
            model: "fortianalyzer",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.5",
         },
         {
            model: "systems director storage control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.6.0",
         },
         {
            model: "color laserjet enterprise cp4025 cc489a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.164.1",
         },
         {
            model: "rational insight",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.1",
         },
         {
            model: "tivoli management framework",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.1.1",
         },
         {
            model: "laserjet m3027 multifunction printer cb416a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "security information and event management hf11",
            scope: "ne",
            trust: 0.3,
            vendor: "mcafee",
            version: "9.3.2",
         },
         {
            model: "laserjet pro mfp m425dn/dw cf288a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "40020140919",
         },
         {
            model: "snapdrive for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.2",
         },
         {
            model: "junos 12.1r5-s3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "vios",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.0.12",
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x363071580",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.8",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.29",
         },
         {
            model: "asset manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.30",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.1.4",
         },
         {
            model: "linerate",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "2.2.1",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.1.1",
         },
         {
            model: "content analysis system",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.1",
         },
         {
            model: "aura presence services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "vsphere storage appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5.1",
         },
         {
            model: "aura experience portal sp2",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.1",
         },
         {
            model: "big-iq cloud",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.1",
         },
         {
            model: "elan",
            scope: "ne",
            trust: 0.3,
            vendor: "siemens",
            version: "8.4",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.15",
         },
         {
            model: "tivoli storage productivity center fp3",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.2",
         },
         {
            model: "storevirtual 450gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.6",
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "10.0",
         },
         {
            model: "laserjet m5035 multifunction printer q7831a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.1x46",
         },
         {
            model: "cacheflow",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "2.2",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.5",
         },
         {
            model: "msr2000 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6.5",
         },
         {
            model: "email security gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.8.2",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.1",
         },
         {
            model: "initiate master data service provider hub",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.7",
         },
         {
            model: "storevirtual 3tb mdl sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.0",
         },
         {
            model: "aura presence services sp2",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "color laserjet printer series cb433a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "470046.230.6",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.3",
         },
         {
            model: "laserjet enterprise m712 series cf236a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7000",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "3.1.12",
         },
         {
            model: "tivoli netcool/system service monitor fp9",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "communicator for ipad",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "2.0.1",
         },
         {
            model: "color laserjet printer series q7535a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "300046.80.2",
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "8.1.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.7",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0.2",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.0.3",
         },
         {
            model: "linux s/390",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "storevirtual 450gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.0",
         },
         {
            model: "aura experience portal",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "svn2200 v200r001c01hp0001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "storevirtual fc 900gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.0",
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.1",
         },
         {
            model: "bladecenter js12 express",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7998-60x)0",
         },
         {
            model: "rational reporting for development intelligence",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.0.4",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.12",
         },
         {
            model: "project openssl beta3",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "1.0",
         },
         {
            model: "laserjet multifunction printer series q3943a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "43459.310.2",
         },
         {
            model: "usg9500 v300r001c01spc300",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "laserjet p4015 cb526a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.213.1",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.0.7",
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.0",
         },
         {
            model: "cms r16 r6",
            scope: null,
            trust: 0.3,
            vendor: "avaya",
            version: null,
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.2",
         },
         {
            model: "system x3200m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "73271.42",
         },
         {
            model: "client applications",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.1",
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.115",
         },
         {
            model: "cit",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.52",
         },
         {
            model: "storevirtual 1tb mdl sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.5",
         },
         {
            model: "flashsystem 9840-ae1",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "840",
         },
         {
            model: "sterling connect:direct for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.1",
         },
         {
            model: "management center",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.3.2.1",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.12",
         },
         {
            model: "storevirtual 450gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.6",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.0",
         },
         {
            model: "color laserjet cp3505 printer series ce491a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "3.160.2",
         },
         {
            model: "laserjet m5035 multifunction printer q7830a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "algo one",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.0",
         },
         {
            model: "network connect",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.4.0.15779",
         },
         {
            model: "color laserjet cp3525 cc468a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "6.183.1",
         },
         {
            model: "open systems snapvault",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.6",
         },
         {
            model: "8.4-release-p4",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "aura application server sip core pb5",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "53003.0",
         },
         {
            model: "view client",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "4.0",
         },
         {
            model: "host agent for oncommand core package",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "mcp russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "66000",
         },
         {
            model: "storevirtual 1tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.6",
         },
         {
            model: "network connect",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.0.0.12141",
         },
         {
            model: "real-time compression appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.9.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.159",
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.6",
         },
         {
            model: "ecns610 v100r001c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.24",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.93",
         },
         {
            model: "color laserjet printer series q7495a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "470046.230.6",
         },
         {
            model: "a6600 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "netezza platform software",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.0.817",
         },
         {
            model: "laserjet enterprise m602 series ce991a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6000",
         },
         {
            model: "f5000 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "color laserjet cm6030 multifunction printer ce664a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "52.256.1",
         },
         {
            model: "9.2-release-p8",
            scope: "ne",
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.1",
         },
         {
            model: "color laserjet enterprise cp4025 cc489a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "network connect 7.4r9.1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "vcsa",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.0",
         },
         {
            model: "idataplex dx360 m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "79130",
         },
         {
            model: "protection service for email",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "7.5",
         },
         {
            model: "color laserjet cp3525 cc471a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "6.183.1",
         },
         {
            model: "laserjet enterprise flow mfp m525c cf118a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "junos r11",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.1",
         },
         {
            model: "proventia network security controller",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.913",
         },
         {
            model: "laserjet enterprise color flow mfp m575c cd646a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "laserjet m3035 multifunction printer cb415a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "junos 10.4s13",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "6.0",
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "7.3",
         },
         {
            model: "laserjet cm3530 multifunction printer cc520a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.7",
         },
         {
            model: "sdn for virtual environments",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.0",
         },
         {
            model: "oceanstor s5600t v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.2",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.1x47",
         },
         {
            model: "espace iad v300r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "storevirtual fc 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.6",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.44",
         },
         {
            model: "color laserjet cp5525 ce708a 2302963 436070",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "cognos express",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.2.1",
         },
         {
            model: "pk family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "1810v10",
         },
         {
            model: "color laserjet cp6015 q3935a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5.1",
         },
         {
            model: "3par service processor sp-4.2.0.ga-29.p002",
            scope: null,
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "3.1.10",
         },
         {
            model: "big-ip webaccelerator",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.1",
         },
         {
            model: "telepresence server on virtual machine",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "laserjet enterprise m602 series ce993a 2302963 436082",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "600",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.126",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "2.1.5-2",
         },
         {
            model: "laserjet m4345 multifunction printer cb427a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "open systems snapvault",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.6.1",
         },
         {
            model: "laserjet p4515 cb517a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.9",
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.3",
         },
         {
            model: "color laserjet cp5525 ce709a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "laserjet m5025 multifunction printer q7840a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.12",
         },
         {
            model: "oceanstor s5800t v100r005",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.0.2",
         },
         {
            model: "security network intrusion prevention system gx4002",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "oceanstor s5800t v100r005c30spc100",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "color laserjet cp6015 q3933a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "bladesystem c-class virtual connect",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "4.20",
         },
         {
            model: "color laserjet flow m680 cz250a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "junos 11.4r1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "vdi communicator",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.0.2",
         },
         {
            model: "color laserjet cp3505 printer series cb444a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "3.160.2",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.5.3",
         },
         {
            model: "icewall sso dfw r3",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8.0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.10",
         },
         {
            model: "web security gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.7",
         },
         {
            model: "color laserjet printer series cb432a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "470046.230.6",
         },
         {
            model: "cognos express",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.1",
         },
         {
            model: "one-x client enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.1",
         },
         {
            model: "horizon view client",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.3.1",
         },
         {
            model: "big-ip webaccelerator",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.4",
         },
         {
            model: "big-ip psm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.1",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.7.0",
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.0.00",
         },
         {
            model: "color laserjet multifunction printer series q7519a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "400046.380.3",
         },
         {
            model: "telepresence tx series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "90006.1.20",
         },
         {
            model: "flashsystem 9848-ae1",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "840",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "2.1.2",
         },
         {
            model: "malware analysis appliance",
            scope: "ne",
            trust: 0.3,
            vendor: "bluecoat",
            version: "4.2.3",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.31",
         },
         {
            model: "flex system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "v70007.2",
         },
         {
            model: "sdk for node.js",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.1.0.2",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.00",
         },
         {
            model: "proxysg sgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.5.6.2",
         },
         {
            model: "junos os 12.1x47-d15",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.25",
         },
         {
            model: "junos 13.1r2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "vfabric application director",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.0",
         },
         {
            model: "storevirtual 3tb mdl sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453011.5",
         },
         {
            model: "tandberg mxp",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "9900",
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.10",
         },
         {
            model: "enterprise manager",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "2.3",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.1.2",
         },
         {
            model: "cloud service automation",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "4.00",
         },
         {
            model: "d9036 modular encoding platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "cluster network/management switches",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "vma san gateway g5.5.1",
            scope: null,
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "flex system p260 compute node /fc efd9",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "10.0-rc1-p1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "blackberry os",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.0.92743",
         },
         {
            model: "system storage ts2900 tape library",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0025",
         },
         {
            model: "family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8300",
         },
         {
            model: "color laserjet cm6040 multifunction printer q3938a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.0",
         },
         {
            model: "storevirtual 450gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453011.5",
         },
         {
            model: "chargeback manager",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "2.6",
         },
         {
            model: "fortianalyzer",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.2",
         },
         {
            model: "color laserjet m651 cz258a 2302963 436073",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "power",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5950",
         },
         {
            model: "tivoli netcool/system service monitor fp7",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.3.4",
         },
         {
            model: "sterling b2b integrator",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.2",
         },
         {
            model: "flex system p260",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7895-22x)0",
         },
         {
            model: "cognos business intelligence server",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.2",
         },
         {
            model: "tssc",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "7.3.15",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.9.7",
         },
         {
            model: "secblade fw family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 0.3,
            vendor: "winscp",
            version: "5.5.3",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.42",
         },
         {
            model: "icewall mcrp",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "2.1",
         },
         {
            model: "snapdrive for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.1",
         },
         {
            model: "guardium database activity monitor",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.2",
         },
         {
            model: "bbm for iphone",
            scope: "ne",
            trust: 0.3,
            vendor: "rim",
            version: "2.2.1.24",
         },
         {
            model: "vsphere sdk for perl",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5",
         },
         {
            model: "laserjet enterprise color mfp m880 a2w76a 2302963 436068",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "800",
         },
         {
            model: "chrome for android",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "31.0.1650.59",
         },
         {
            model: "systems director storage control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.2.1",
         },
         {
            model: "enterprise linux hpc node",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6",
         },
         {
            model: "project openssl 0.9.8s",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "aura communication manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0.1",
         },
         {
            model: "telepresence serial gateway series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "uacos c4.4",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "linerate",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "1.6",
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.1",
         },
         {
            model: "elog v100r003c01",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2",
         },
         {
            model: "proxysg sgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.2",
         },
         {
            model: "systems director storage control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.3.0",
         },
         {
            model: "ata series analog telephone adaptor",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "1900",
         },
         {
            model: "vios",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.2.5",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.7",
         },
         {
            model: "flare experience for ipad",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.2.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.125",
         },
         {
            model: "communication server 1000e signaling server",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.5",
         },
         {
            model: "aura communication manager utility services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.0.9.8",
         },
         {
            model: "laserjet enterprise p3015 ce528a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.186.1",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "1.3",
         },
         {
            model: "unified ip phone",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "89610",
         },
         {
            model: "idol speech software",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "10.7",
         },
         {
            model: "enterprise linux server",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "5",
         },
         {
            model: "storevirtual fc 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.0",
         },
         {
            model: "color laserjet enterprise cp4525 cc494a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.3.7",
         },
         {
            model: "vcenter operations manager",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.8.1",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "5.0",
         },
         {
            model: "storevirtual hybrid storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.6",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.7.5",
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.9.5",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.30",
         },
         {
            model: "storevirtual 450gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433011.5",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.51",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364160",
         },
         {
            model: "fortianalyzer",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.4",
         },
         {
            model: "prime lan management solution",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "msr50 g2 russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "iq",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5",
         },
         {
            model: "flex system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "v70006.4",
         },
         {
            model: "big-ip edge clients for linux",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "7080",
         },
         {
            model: "dgs-1500-52",
            scope: "eq",
            trust: 0.3,
            vendor: "d link",
            version: "2.51.005",
         },
         {
            model: "junos 11.4r6-s2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "laserjet m9040 multifunction printer cc394a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "cms r17ac.h",
            scope: null,
            trust: 0.3,
            vendor: "avaya",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "8.1",
         },
         {
            model: "color laserjet cp3525 cc470a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "storevirtual 1tb mdl china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.122",
         },
         {
            model: "laserjet pro color printer m251n/nw cf146a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "20020140919",
         },
         {
            model: "rational reporting for development intelligence",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.0.1",
         },
         {
            model: "laserjet printer series q5401a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "42508.250.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.47",
         },
         {
            model: "blackberry os",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.0.10",
         },
         {
            model: "ucs central",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "power ps703 blade",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7891-73x)0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "3.3.1",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.36",
         },
         {
            model: "system storage ts3400 tape library",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0039",
         },
         {
            model: "dynamic system analysis",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.60",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.6",
         },
         {
            model: "s7700&s9700 v200r003",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "flex system p460 compute node",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7895-43x)0",
         },
         {
            model: "update manager",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.1",
         },
         {
            model: "vios",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.1.3",
         },
         {
            model: "big-ip webaccelerator",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.1",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "1.0.6",
         },
         {
            model: "sterling connect:direct for microsoft windows",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "4.7",
         },
         {
            model: "openvpn",
            scope: "ne",
            trust: 0.3,
            vendor: "openvpn",
            version: "2.3.4",
         },
         {
            model: "junos 12.1x44-d32",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "splunk",
            scope: "ne",
            trust: 0.3,
            vendor: "splunk",
            version: "6.1.2",
         },
         {
            model: "freedome for android",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "0",
         },
         {
            model: "fortios b0630",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.8",
         },
         {
            model: "proventia network security controller",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.1768",
         },
         {
            model: "nac guest server",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.00",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.60",
         },
         {
            model: "freebsd",
            scope: "eq",
            trust: 0.3,
            vendor: "freebsd",
            version: "8.4",
         },
         {
            model: "dsr-1000n 1.09.b61",
            scope: "ne",
            trust: 0.3,
            vendor: "d link",
            version: null,
         },
         {
            model: "unity connection",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "project metasploit framework",
            scope: "eq",
            trust: 0.3,
            vendor: "metasploit",
            version: "4.1.0",
         },
         {
            model: "oncommand unified manager host package",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "idp",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "5.1",
         },
         {
            model: "oceanstor s2200t v100r005c30spc100",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5.1",
         },
         {
            model: "web security",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.7",
         },
         {
            model: "communication server 1000m",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.0",
         },
         {
            model: "icewall sso dfw r1",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8.0",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.4.1",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.2.10",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.0.1",
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.14",
         },
         {
            model: "security enterprise scanner",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.3",
         },
         {
            model: "spa232d multi-line dect ata",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "policy center v100r003c00spc305",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.1",
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5600v19.7",
         },
         {
            model: "bladesystem c-class onboard administrator",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "4.11",
         },
         {
            model: "infosphere guardium",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.2",
         },
         {
            model: "flex system p270 compute node",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7954-24x)0",
         },
         {
            model: "switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "58200",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.52",
         },
         {
            model: "laserjet pro m401a/d/dn/dnw/dw/n cf285a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "40020150212",
         },
         {
            model: "crossbow",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "0",
         },
         {
            model: "big-ip afm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5.1",
         },
         {
            model: "system x3650m2 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "79471.42",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.3.0",
         },
         {
            model: "system x3200m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "73281.42",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.16",
         },
         {
            model: "ios software",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.3",
         },
         {
            model: "i v5r4",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.39",
         },
         {
            model: "ios xe software",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "vcenter server",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.1",
         },
         {
            model: "color laserjet cm6040 multifunction printer q3939a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "tandberg codian isdn gw",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "32400",
         },
         {
            model: "color laserjet cp6015 q3933a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.203.1",
         },
         {
            model: "project openssl b",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8",
         },
         {
            model: "integrated management module ii",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "3.76",
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.1",
         },
         {
            model: "10.0-release-p5",
            scope: "ne",
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "laserjet m3027 multifunction printer cc479a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "11.1",
         },
         {
            model: "laserjet multifunction printer series q3942a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "43459.310.2",
         },
         {
            model: "crossbow",
            scope: "ne",
            trust: 0.3,
            vendor: "siemens",
            version: "4.2.3",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "9.2",
         },
         {
            model: "junos 10.4s14",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "oncommand unified manager core package",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.25",
         },
         {
            model: "storevirtual 600gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "413011.5",
         },
         {
            model: "project openssl k",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8",
         },
         {
            model: "laserjet m4345 multifunction printer cb428a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "storevirtual 2tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.6",
         },
         {
            model: "fortiweb",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.1",
         },
         {
            model: "anyconnect secure mobility client for android",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "uacos c4.4r11.1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "dsr-500n 1.09.b61",
            scope: "ne",
            trust: 0.3,
            vendor: "d link",
            version: null,
         },
         {
            model: "color laserjet m651 cz255a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "unified contact center enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.1.16",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.8",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.11",
         },
         {
            model: "big-ip psm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.0",
         },
         {
            model: "storeever msl6480 tape library",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.40",
         },
         {
            model: "msr3000 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "video surveillance series ip camera",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "40000",
         },
         {
            model: "tivoli endpoint manager for remote control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.0.1",
         },
         {
            model: "freebsd",
            scope: "eq",
            trust: 0.3,
            vendor: "freebsd",
            version: "10.0",
         },
         {
            model: "color laserjet enterprise m750 d3l09a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "anyconnect secure mobility client for desktop platforms",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "junos space 13.1r1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.013",
         },
         {
            model: "initiate master data service",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.2",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "8.3",
         },
         {
            model: "laserjet enterprise color m855 a2w79a 2302963 436076",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "800",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.67",
         },
         {
            model: "filenet system monitor",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.5",
         },
         {
            model: "spa510 series ip phones",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "operations automation",
            scope: "eq",
            trust: 0.3,
            vendor: "parallels",
            version: "5.4",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.20",
         },
         {
            model: "4800g switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "junos 12.1x44-d34",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "flex system p460",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7895-43x)0",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "4.3.7",
         },
         {
            model: "fortimail",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.4",
         },
         {
            model: "idp 4.1r3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "solaris",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "10",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.00",
         },
         {
            model: "storevirtual vsa software",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "11.5",
         },
         {
            model: "storevirtual 900gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.6",
         },
         {
            model: "big-ip afm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5",
         },
         {
            model: "tivoli endpoint manager for remote control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.2",
         },
         {
            model: "usg9500 v200r001c01sph902",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "data ontap smi-s agent",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.31",
         },
         {
            model: "laserjet enterprise m4555 mfp ce503a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "service manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.11",
         },
         {
            model: "sylpheed",
            scope: "ne",
            trust: 0.3,
            vendor: "sylpheed",
            version: "3.4.2",
         },
         {
            model: "host checker",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.3",
         },
         {
            model: "junos space ja2500 appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "enterprise linux server eus 6.5.z",
            scope: null,
            trust: 0.3,
            vendor: "redhat",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "9.0",
         },
         {
            model: "laserjet m5035 multifunction printer q7831a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.10",
         },
         {
            model: "business server",
            scope: "eq",
            trust: 0.3,
            vendor: "mandriva",
            version: "1",
         },
         {
            model: "prime performance manager for sps",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "receiver",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "0",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3",
         },
         {
            model: "storevirtual 4tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.0",
         },
         {
            model: "update manager",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5",
         },
         {
            model: "clustered data ontap antivirus connector",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.2",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.9.12",
         },
         {
            model: "secure work space",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "0",
         },
         {
            model: "color laserjet cp6015 q3935a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "53.236.1",
         },
         {
            model: "s7700&s9700 v200r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "wide area application services",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "telepresence server",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "87100",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.2",
         },
         {
            model: "color laserjet cm4730 multifunction printer cb482a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "aura application server sip core",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "53002.0",
         },
         {
            model: "sterling file gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.37",
         },
         {
            model: "storevirtual 900gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.0",
         },
         {
            model: "s3900 v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "aura communication manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0.3.0.3",
         },
         {
            model: "collaboration services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "unified communications widgets click to call",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.16",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.49",
         },
         {
            model: "color laserjet cp6015 q3933a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "53.236.1",
         },
         {
            model: "softco v100r003",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.6",
         },
         {
            model: "enterprise manager ops center",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "11.1.3",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.13",
         },
         {
            model: "telepresence t series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "big-ip psm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.3",
         },
         {
            model: "unified attendant console advanced",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "idol software",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "10.7",
         },
         {
            model: "workstation",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "9.0.3",
         },
         {
            model: "puredata system for hadoop",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.02",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.0.3",
         },
         {
            model: "ftp server",
            scope: "eq",
            trust: 0.3,
            vendor: "cerberus",
            version: "7.0.0.1",
         },
         {
            model: "proventia network security controller 1.0.3352m",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "idatplex dx360 m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "79130",
         },
         {
            model: "storevirtual 450gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.5",
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5600v310.1",
         },
         {
            model: "telepresence system",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "10000",
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2.4",
         },
         {
            model: "aura messaging",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.169",
         },
         {
            model: "cognos business intelligence server",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.4.1",
         },
         {
            model: "fastsetup",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.11",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.4",
         },
         {
            model: "flare experience for ipad",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.26",
         },
         {
            model: "tandberg codian isdn gw",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "32100",
         },
         {
            model: "laserjet printer series q5409a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "43508.250.2",
         },
         {
            model: "laserjet enterprise mfp m630 series b3g85a 2303714 233000041",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "solaris",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "11.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.2",
         },
         {
            model: "cacheflow",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "3.0",
         },
         {
            model: "tivoli workload scheduler distributed",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.5.1",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "2.1.5-3",
         },
         {
            model: "color laserjet multifunction printer series cb483a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "400046.380.3",
         },
         {
            model: "client applications",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3.1",
         },
         {
            model: "jabber for ios",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "dgs-1500-28p",
            scope: "eq",
            trust: 0.3,
            vendor: "d link",
            version: "2.51.005",
         },
         {
            model: "security information and event management",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "9.4",
         },
         {
            model: "project openssl 0.9.8n",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "junos 11.4r12",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "vios",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.14",
         },
         {
            model: "security network intrusion prevention system gx5208",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "6.1.1",
         },
         {
            model: "a6600 russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.5.1",
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "9.1",
         },
         {
            model: "laserjet multifunction printer series q3728a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "9040/90508.290.2",
         },
         {
            model: "junos space 12.3r2.8",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "system x3650m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "79451.42",
         },
         {
            model: "version control repository manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.3",
         },
         {
            model: "rational tau",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.36",
         },
         {
            model: "security network intrusion prevention system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.3",
         },
         {
            model: "color laserjet cp6015 q3932a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.203.1",
         },
         {
            model: "operations analytics",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "2.0",
         },
         {
            model: "bcaaa",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.9",
         },
         {
            model: "aura messaging",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3",
         },
         {
            model: "vcloud networking and security",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.1.2",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.3",
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.3.2.4",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.213",
         },
         {
            model: "vsphere support assistant",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5",
         },
         {
            model: "endpoint manager for remote control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.1.0",
         },
         {
            model: "upward integration modules for microsoft system center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.0.2",
         },
         {
            model: "manageone v100r001c02",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "vcenter server",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.0",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.7",
         },
         {
            model: "laserjet m4345 multifunction printer cb426a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "storevirtual 1tb mdl sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.6",
         },
         {
            model: "tivoli netcool/system service monitor fp2",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "rational tau",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.34",
         },
         {
            model: "s7700&s9700 v100r006",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "31005.2",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.19",
         },
         {
            model: "flex system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "v70007.1",
         },
         {
            model: "big-ip wom",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.2",
         },
         {
            model: "s6900 v100r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "junos",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: "14.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.65",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.3",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.1.1",
         },
         {
            model: "ucs b-series servers",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.7.4",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.16",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.011",
         },
         {
            model: "junos r7",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.3",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.29",
         },
         {
            model: "storeever msl6480 tape library",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "big-ip afm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.3",
         },
         {
            model: "junos os 11.4r12-s1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "linerate",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "2.2",
         },
         {
            model: "3par service processor sp-4.3.0.ga-17.p001",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "laserjet printer series q5407a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "43508.250.2",
         },
         {
            model: "laserjet enterprise color mfp m880 a2w76a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8000",
         },
         {
            model: "client applications",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.28",
         },
         {
            model: "storevirtual hybrid san solution",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.6",
         },
         {
            model: "laserjet enterprise color m775 series cc524a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7000",
         },
         {
            model: "universal small cell series software",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "50003.4.2.0",
         },
         {
            model: "laserjet p4515 cb515a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "cloudburst",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.1",
         },
         {
            model: "big-ip pem",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5",
         },
         {
            model: "junos 12.1r9",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "big-ip edge gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.0",
         },
         {
            model: "junos 11.4r10-s1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "firepass",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "6.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.45",
         },
         {
            model: "junos 12.1x46-d20",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "cit",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.41",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.116",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.73",
         },
         {
            model: "rational insight",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.1.1.4",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.67",
         },
         {
            model: "junos 12.2r1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.2",
         },
         {
            model: "cognos business intelligence server",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.2.11",
         },
         {
            model: "big-ip apm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.3.0",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.3.1",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.015",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.9",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.09",
         },
         {
            model: "sbr carrier 8.0.0-r2",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "documentum content server sp2",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "6.7",
         },
         {
            model: "fortiweb",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.1.1",
         },
         {
            model: "malware analysis appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "4.2",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.2",
         },
         {
            model: "storevirtual 4tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453011.5",
         },
         {
            model: "security analytics platform",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "7.0",
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "77109.7",
         },
         {
            model: "laserjet pro m401a/d/dn/dnw/dw/n cf399a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "40020150212",
         },
         {
            model: "color laserjet cp3525 cc469a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "6.183.1",
         },
         {
            model: "systems director storage control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.4.1",
         },
         {
            model: "guardium database activity monitor",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.0",
         },
         {
            model: "quantum policy suite",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "laserjet enterprise color m775 series cc522a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7000",
         },
         {
            model: "aura session manager sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "msr20 russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "big-ip aam",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.4.0",
         },
         {
            model: "forticlient",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "3.0.614",
         },
         {
            model: "iq",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2",
         },
         {
            model: "asset manager 9.41.p1",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0.1",
         },
         {
            model: "cloudsystem enterprise software",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8.0.2",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "5.0.6",
         },
         {
            model: "cognos tm1",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.1.1.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.57",
         },
         {
            model: "msr1000 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.88",
         },
         {
            model: "proxysgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.3",
         },
         {
            model: "9.2-rc2-p2",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "utm manager",
            scope: "eq",
            trust: 0.3,
            vendor: "sophos",
            version: "4.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.51",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.5",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.9",
         },
         {
            model: "ip office server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "9.0",
         },
         {
            model: "tivoli netcool/system service monitor fp10",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "storwize unified",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "v70001.3",
         },
         {
            model: "cloud server",
            scope: "eq",
            trust: 0.3,
            vendor: "parallels",
            version: "6.0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.16",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.0",
         },
         {
            model: "system x3630m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "73771.42",
         },
         {
            model: "workstation",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "10.0.2",
         },
         {
            model: "rational build forge",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0",
         },
         {
            model: "bladesystem c-class onboard administrator",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.22",
         },
         {
            model: "fortirecorder",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "1.4.1",
         },
         {
            model: "enterprise linux long life 5.9.server",
            scope: null,
            trust: 0.3,
            vendor: "redhat",
            version: null,
         },
         {
            model: "tssc",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.0",
         },
         {
            model: "powerlinux 7r4",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "vcenter chargeback manager",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "2.6",
         },
         {
            model: "network connect",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.1.0.18193",
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "463012.0",
         },
         {
            model: "storevirtual china hybrid storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.6",
         },
         {
            model: "color laserjet cp6015 q3931a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.203.1",
         },
         {
            model: "system dx360m2 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "73211.42",
         },
         {
            model: "telepresence mxp series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "blackberry enterprise service",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.1.2",
         },
         {
            model: "infosphere balanced warehouse c4000",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "fusion",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "6.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.123",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.7",
         },
         {
            model: "upward integration modules for vmware vsphere",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.0.2",
         },
         {
            model: "jetdirect ew2500 802.11b/g wireless print server j8021a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "41.16",
         },
         {
            model: "cit",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.53",
         },
         {
            model: "color laserjet cm4730 multifunction printer cb483a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "50.286.1",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "3.1",
         },
         {
            model: "junos r2-s2",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "13.3",
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.3.6",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.12",
         },
         {
            model: "family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7900.00",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.50",
         },
         {
            model: "project metasploit framework",
            scope: "eq",
            trust: 0.3,
            vendor: "metasploit",
            version: "4.9.1",
         },
         {
            model: "client connector",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.0",
         },
         {
            model: "smart update manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6.4",
         },
         {
            model: "integrated management module ii",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "3.91",
         },
         {
            model: "laserjet enterprise m4555 mfp ce738a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "junos os 12.2r9",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "color laserjet cm4730 multifunction printer cb480a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "50.286.1",
         },
         {
            model: "flare experience for ipad",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.2.2",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.1.4",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4",
         },
         {
            model: "communicator for ipad",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "2.0",
         },
         {
            model: "lifetime key management appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "bladesystem c-class onboard administrator",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "4.20",
         },
         {
            model: "vix api",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.12",
         },
         {
            model: "srg1200&2200&3200 v100r002c02spc800",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "telepresence server",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "70100",
         },
         {
            model: "one-x client enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.2",
         },
         {
            model: "ei switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "51200",
         },
         {
            model: "color laserjet cm4730 multifunction printer cb481a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "50.286.1",
         },
         {
            model: "laserjet pro m401a/d/dn/dnw/dw/n cf270a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "40020150212",
         },
         {
            model: "project openssl beta2",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "1.0",
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "2.1",
         },
         {
            model: "big-ip afm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.4.1",
         },
         {
            model: "linux mips",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 0.3,
            vendor: "winscp",
            version: "5.1",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "13.3",
         },
         {
            model: "infosphere guardium",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.0",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.5",
         },
         {
            model: "big-ip ltm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.2",
         },
         {
            model: "proactive contact",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.1",
         },
         {
            model: "laserjet enterprise color m855 a2w78a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8000",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.15",
         },
         {
            model: "message networking sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.2",
         },
         {
            model: "strm",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "2012.1",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.26",
         },
         {
            model: "prime data center network manager",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "storevirtual 1tb mdl china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433011.5",
         },
         {
            model: "infosphere balanced warehouse d5100",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "cc v200r001c31",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "cognos tm1",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.2.2",
         },
         {
            model: "junos 13.2r2-s2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos 12.1r8",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos 11.1r5",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "s12700 v200r005+v200r005hp0",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "xenmobile app controller",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "2.10",
         },
         {
            model: "websphere datapower xml accelerator xa35",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.0.0",
         },
         {
            model: "laserjet enterprise color m775 series cc523a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7000",
         },
         {
            model: "blackberry os",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.0.10648",
         },
         {
            model: "laserjet p4014 cb507a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "xenmobile app controller",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "2.9",
         },
         {
            model: "database and middleware automation",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "10.10",
         },
         {
            model: "oceanstor s5500t v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1.1.0",
         },
         {
            model: "8.0-stable",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "software development kit",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "storevirtual china hybrid san solution",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.6",
         },
         {
            model: "netscaler build",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "8.047.8",
         },
         {
            model: "enterprise linux server eus 6.4.z",
            scope: null,
            trust: 0.3,
            vendor: "redhat",
            version: null,
         },
         {
            model: "vcd",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5.11",
         },
         {
            model: "security information and event management hf3",
            scope: "ne",
            trust: 0.3,
            vendor: "mcafee",
            version: "9.1.4",
         },
         {
            model: "laserjet enterprise color m551 series cf083a 2302963 436083",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "500",
         },
         {
            model: "websphere datapower soa appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.0.1.2",
         },
         {
            model: "documentum content server sp2 p13",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "6.7",
         },
         {
            model: "enterprise server x86 64",
            scope: "eq",
            trust: 0.3,
            vendor: "mandrakesoft",
            version: "5",
         },
         {
            model: "icewall sso dfw r2",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8.0",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "5.5",
         },
         {
            model: "agent desktop for cisco unified contact center express",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "laserjet p2055 printer series ce456a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "20141201",
         },
         {
            model: "messaging secure gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "7.1",
         },
         {
            model: "oneview",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "1.01",
         },
         {
            model: "9250c digital sender cb472a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "i v5r4",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1",
         },
         {
            model: "smart update manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6.0.0",
         },
         {
            model: "cognos metrics manager",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.2.1",
         },
         {
            model: "one-x client enablement services sp2",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "netiq admininstration console server",
            scope: "eq",
            trust: 0.3,
            vendor: "novell",
            version: "0",
         },
         {
            model: "director",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.1.131",
         },
         {
            model: "storevirtual 450gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.5",
         },
         {
            model: "s2750&s5700&s6700 v200r005+v200r005hp0",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "systems insight manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.3",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "41005.1.2",
         },
         {
            model: "sparc m10-4",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "0",
         },
         {
            model: "junos 13.3r2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "one-x client enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "communication server 1000m",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.6",
         },
         {
            model: "software foundation python",
            scope: "eq",
            trust: 0.3,
            vendor: "python",
            version: "3.5",
         },
         {
            model: "power express",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7100",
         },
         {
            model: "meeting exchange",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.1",
         },
         {
            model: "laserjet enterprise color m855 a2w79a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8000",
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "10.0-76.7",
         },
         {
            model: "bbm for iphone",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "0",
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.3.0.4",
         },
         {
            model: "anyconnect secure mobility client",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "freebsd",
            scope: "eq",
            trust: 0.3,
            vendor: "freebsd",
            version: "9.3",
         },
         {
            model: "documentum content server sp2 p14",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "6.7",
         },
         {
            model: "communication server 1000m signaling server",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.6",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0.3.8.3",
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3.1",
         },
         {
            model: "color laserjet cp6015 q3934a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "tivoli endpoint manager for remote control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.0",
         },
         {
            model: "flex system enterprise chassis",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8721",
         },
         {
            model: "color laserjet m651 cz257a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "director",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.0",
         },
         {
            model: "laserjet enterprise m4555 mfp ce502a 2302963 436064",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "vsphere virtual disk development kit",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5",
         },
         {
            model: "ive os 8.0r2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "system storage ts2900 tape librray",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "0033",
         },
         {
            model: "laserjet enterprise m4555 mfp ce504a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "communication server 1000e",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.6",
         },
         {
            model: "laserjet cm3530 multifunction printer cc519a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.0.9",
         },
         {
            model: "ecns600 v100r001c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "10.0-77.5",
         },
         {
            model: "web gateway",
            scope: "ne",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.4.2.1",
         },
         {
            model: "snapdrive for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.0.3",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "11.3",
         },
         {
            model: "laserjet p3005 printer series q7816a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "2.190.3",
         },
         {
            model: "jabber voice for iphone",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.6",
         },
         {
            model: "9.3-prerelease",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "unified ip conference phone",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "88310",
         },
         {
            model: "project openssl 1.0.0e",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "junos os 12.1x46-d25",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "laserjet p4515 cb516a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.213.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.172",
         },
         {
            model: "project openssl beta1",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "1.0",
         },
         {
            model: "aura application server sip core pb19",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "53002.0",
         },
         {
            model: "bladecenter js22",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7998-61x)0",
         },
         {
            model: "storevirtual 450gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.5",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.15",
         },
         {
            model: "project openssl a",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.65",
         },
         {
            model: "executive scorecard",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.41",
         },
         {
            model: "epolicy orchestrator",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "4.6.5",
         },
         {
            model: "8.4-releng",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "infosphere balanced warehouse c3000",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "4.3.6",
         },
         {
            model: "esxi",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5",
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6.4",
         },
         {
            model: "junos 12.3r7",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "security network intrusion prevention system gx7800",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "security manager",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "uacos c5.0",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "strm/jsa",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "2013.2",
         },
         {
            model: "junos 12.3r3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "z/tpf",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.1.10",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.40",
         },
         {
            model: "security network intrusion prevention system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.6.1",
         },
         {
            model: "storevirtual fc 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473011.5",
         },
         {
            model: "laserjet enterprise color mfp m880 d7p70a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8000",
         },
         {
            model: "communication server 1000m",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "storevirtual 1tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.5",
         },
         {
            model: "storevirtual hybrid storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.0",
         },
         {
            model: "laserjet p4515 cb514a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.2.0.9",
         },
         {
            model: "puredata system for operational analytics a1791",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "dsm v100r002c05spc615",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.6",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.55",
         },
         {
            model: "system x3400m2 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "78361.42",
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "message networking",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2.2",
         },
         {
            model: "fortirecorder",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "1.5",
         },
         {
            model: "project openssl 0.9.8t",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "cognos insight standalone fp1",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.2",
         },
         {
            model: "communication server 1000m signaling server",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "vdi communicator",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.0",
         },
         {
            model: "bladecenter js23",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7778-23x)0",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 0.3,
            vendor: "winscp",
            version: "5.1.5",
         },
         {
            model: "hosted collaboration mediation fulfillment",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.0",
         },
         {
            model: "aura messaging",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.1",
         },
         {
            model: "msa storage gl200r007",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "2040",
         },
         {
            model: "communication server 1000e",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "icewall sso certd r3",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8.0",
         },
         {
            model: "command view server based management",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "10.3.2",
         },
         {
            model: "storevirtual 450gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.5",
         },
         {
            model: "laserjet printer series q7697a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "9040/90508.260.3",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.161",
         },
         {
            model: "storevirtual vsa software",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "12.5",
         },
         {
            model: "paging server",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.0.6",
         },
         {
            model: "fortigate",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.5",
         },
         {
            model: "data ontap smi-s agent",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1.2",
         },
         {
            model: "9500e family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "big-ip wom",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2",
         },
         {
            model: "ace application control engine module ace20",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "laserjet enterprise m712 series cf235a 2302963 436080",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "700",
         },
         {
            model: "cloud manager",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.1",
         },
         {
            model: "fortisandbox build",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "1.3.086",
         },
         {
            model: "hyperdp oceanstor n8500 v200r001c09",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.2",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.1",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.0.4",
         },
         {
            model: "aura experience portal",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "23.0.1271.94",
         },
         {
            model: "agent desktop for cisco unified contact center",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "6",
         },
         {
            model: "vcenter site recovery manager",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.0.31",
         },
         {
            model: "dgs-1210-28p",
            scope: "eq",
            trust: 0.3,
            vendor: "d link",
            version: "4.00.043",
         },
         {
            model: "telepresence system",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "11000",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.75",
         },
         {
            model: "color laserjet m680 cz248a 2302963 436072",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.1",
         },
         {
            model: "big-iq cloud",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.91",
         },
         {
            model: "linux lts",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "14.04",
         },
         {
            model: "ape",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "0",
         },
         {
            model: "hyperdp v200r001c91spc201",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x330073820",
         },
         {
            model: "asset manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.40",
         },
         {
            model: "unified attendant console",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "dsr-500 1.09.b61",
            scope: "ne",
            trust: 0.3,
            vendor: "d link",
            version: null,
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "9.3-64.4",
         },
         {
            model: "s3900 v100r005",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "oceanstor s5600t v100r005",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.19",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "4.1",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.1",
         },
         {
            model: "enterprise linux server eus 6.3.z",
            scope: null,
            trust: 0.3,
            vendor: "redhat",
            version: null,
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "6.0",
         },
         {
            model: "junos 10.2r3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "0.10.140.0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.32",
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.6",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.1.3",
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "6.5",
         },
         {
            model: "storevirtual 2tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.0",
         },
         {
            model: "laserjet p3005 printer series q7814a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "2.190.3",
         },
         {
            model: "ace application control engine module ace10",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5600v110.1",
         },
         {
            model: "rox",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "20",
         },
         {
            model: "switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "36100",
         },
         {
            model: "ive os 7.4r8",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "rational reporting for development intelligence",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.21",
         },
         {
            model: "hi switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "55000",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "5.7",
         },
         {
            model: "laserjet enterprise m4555 mfp ce503a 2302963 436064",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "msr9xx family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "storevirtual 450gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.6",
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.4",
         },
         {
            model: "vcenter site recovery manager",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.1.1",
         },
         {
            model: "nsx for multi-hypervisor",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "4.1.2",
         },
         {
            model: "laserjet printer series q7698a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "9040/90508.260.3",
         },
         {
            model: "sbr enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.17",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.63",
         },
         {
            model: "aura system manager sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "junos os 13.3r2-s3",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "tivoli workload scheduler distributed fp07",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.4",
         },
         {
            model: "msr30 russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "scale out network attached storage",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "1.4.3.3",
         },
         {
            model: "smart update manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6.3.1",
         },
         {
            model: "manageone v100r002c10",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "hp-ux b.11.31",
            scope: null,
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "2.0.4",
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "7.0.2",
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "463011.5",
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x375087330",
         },
         {
            model: "rational insight",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.20",
         },
         {
            model: "esight-ewl v300r001c10spc300",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "ave2000 v100r001c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "color laserjet enterprise cp4525 cc493a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.164.1",
         },
         {
            model: "executive scorecard",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.40",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.22",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "6.0.2",
         },
         {
            model: "websphere datapower b2b appliance xb62",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.0.1",
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.0",
         },
         {
            model: "laserjet multifunction printer series q3726a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "9040/90508.290.2",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "9.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.82",
         },
         {
            model: "color laserjet cp4005 printer series cb504a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "46.230.6",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "4.3.1",
         },
         {
            model: "snapdrive for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.0.1",
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "10.0.74.4",
         },
         {
            model: "aura session manager sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "junos space 12.3p2.8",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.85",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.60",
         },
         {
            model: "pulse desktop",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "5.0",
         },
         {
            model: "rational insight ifix1",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.1",
         },
         {
            model: "fortios",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.8",
         },
         {
            model: "netezza platform software",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.12",
         },
         {
            model: "tivoli workload scheduler distributed fp02",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.6",
         },
         {
            model: "telepresence integrator c series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "aura presence services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "laserjet m4345 multifunction printer cb425a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "8.4-prerelease",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2.1",
         },
         {
            model: "laserjet enterprise m602 series ce991a 2302963 436082",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "600",
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473011.5",
         },
         {
            model: "malware analysis appliance",
            scope: "ne",
            trust: 0.3,
            vendor: "bluecoat",
            version: "4.1.2",
         },
         {
            model: "usg9300 v200r001c01sph902",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "clearpass",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "6.1.0",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.0.5",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "0.9.126.0",
         },
         {
            model: "project openssl beta1",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "1.0.1",
         },
         {
            model: "anyoffice v200r002c10",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "digital media players series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "43000",
         },
         {
            model: "nexus series switches",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "60000",
         },
         {
            model: "color laserjet flow m680 ca251a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "5.0.4",
         },
         {
            model: "splunk",
            scope: "ne",
            trust: 0.3,
            vendor: "splunk",
            version: "5.0.9",
         },
         {
            model: "cacheflow",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "2.0",
         },
         {
            model: "aura session manager sp2",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "31005.1.1",
         },
         {
            model: "bbm for android",
            scope: "ne",
            trust: 0.3,
            vendor: "rim",
            version: "2.2.1.40",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "13.10",
         },
         {
            model: "virtual automation",
            scope: "eq",
            trust: 0.3,
            vendor: "parallels",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.68",
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.0.0",
         },
         {
            model: "color laserjet enterprise cp4025 cc490a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.34",
         },
         {
            model: "snapdrive for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.2.1",
         },
         {
            model: "ds8870",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.50",
         },
         {
            model: "color laserjet multifunction printer series cb481a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "400046.380.3",
         },
         {
            model: "laserjet printer series q7545a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "52008.241",
         },
         {
            model: "junos 13.2r1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.2143",
         },
         {
            model: "family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "19100",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.1.1",
         },
         {
            model: "usg9500 usg9500 v300r001c20",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "laserjet printer series q5406a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "43508.250.2",
         },
         {
            model: "espace u2990 v200r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "big-ip edge gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.1",
         },
         {
            model: "forticlient build",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.2.0591",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.34",
         },
         {
            model: "studio",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "2.60",
         },
         {
            model: "aura conferencing sp1 standard",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "laserjet enterprise mfp m525f cf116a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "5000",
         },
         {
            model: "color laserjet cp3525 cc468a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "cloudplatform",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.2",
         },
         {
            model: "telepresence isdn gw",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "32410",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.2.3",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.10",
         },
         {
            model: "family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "66020",
         },
         {
            model: "ssl visibility",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "3.6",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "11.4x27.62",
         },
         {
            model: "system m5 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x310054570",
         },
         {
            model: "vcd",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.1.3",
         },
         {
            model: "9.0-stable",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.1",
         },
         {
            model: "systems director storage control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.4.0",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.0.8",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.4",
         },
         {
            model: "telepresence ex series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "one-x mobile ces for iphone",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "0",
         },
         {
            model: "storevirtual 900gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473011.5",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "junos os 13.3r3",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "59200",
         },
         {
            model: "security analytics platform",
            scope: "ne",
            trust: 0.3,
            vendor: "bluecoat",
            version: "7.1.3",
         },
         {
            model: "oceanstor s6800t v100r005c30spc100",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "management center",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.1",
         },
         {
            model: "manageone v100r001c02 spc901",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "junos 11.4r10",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "security information and event management",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "9.2",
         },
         {
            model: "xiv storage system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "281011.4",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.20",
         },
         {
            model: "rational reporting for development intelligence",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.0.6",
         },
         {
            model: "junos 12.1x45-d20",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1.1.1",
         },
         {
            model: "initiate master data service",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.5",
         },
         {
            model: "system x3500m2 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "78391.42",
         },
         {
            model: "utm",
            scope: "eq",
            trust: 0.3,
            vendor: "sophos",
            version: "9.2",
         },
         {
            model: "oceanstor s2600t v100r005",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "color laserjet cp5525 ce707a 2302963 436070",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "enterprise linux els",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "4",
         },
         {
            model: "storwize",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "v3500-",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.26",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.13",
         },
         {
            model: "email and server security",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "11.00",
         },
         {
            model: "color laserjet cm6030 multifunction printer ce664a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "isoc v200r001c02spc202",
            scope: "eq",
            trust: 0.3,
            vendor: "huawei",
            version: "9000",
         },
         {
            model: "psb email and server security",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "9.20",
         },
         {
            model: "color laserjet cp3525 cc471a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "storevirtual 2tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453011.5",
         },
         {
            model: "9.2-release-p4",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "chrome os",
            scope: "ne",
            trust: 0.3,
            vendor: "google",
            version: "35.0.1916.155",
         },
         {
            model: "ons series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154000",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "4.3.5",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.1.2",
         },
         {
            model: "unified intelligent contact management enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "junos space r1.8",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "13.1",
         },
         {
            model: "clearpass",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "6.1.4",
         },
         {
            model: "webapp secure",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "0",
         },
         {
            model: "anyconnect secure mobility client for ios",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3",
         },
         {
            model: "security threat response manager",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "2013.2",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.9.11",
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0",
         },
         {
            model: "vios",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.3",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.70",
         },
         {
            model: "utm",
            scope: "eq",
            trust: 0.3,
            vendor: "sophos",
            version: "8.3",
         },
         {
            model: "aura system manager sp3",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "policy center v100r003c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x357087180",
         },
         {
            model: "laserjet enterprise p3015 ce526a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.50",
         },
         {
            model: "big-iq security",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.0",
         },
         {
            model: "websphere datapower soa appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.0.0.14",
         },
         {
            model: "junos 12.3r4",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.1",
         },
         {
            model: "director",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "5.4",
         },
         {
            model: "color laserjet cp6015 q3934a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "53.236.1",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.2.170",
         },
         {
            model: "storwize",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "v3700-",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.92",
         },
         {
            model: "colorqube ps",
            scope: "eq",
            trust: 0.3,
            vendor: "xerox",
            version: "88704.76.0",
         },
         {
            model: "web security gateway anywhere",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.8.1",
         },
         {
            model: "updatexpress system packs installer",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.60",
         },
         {
            model: "campaign",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.1",
         },
         {
            model: "oncommand unified manager core package",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "5.0",
         },
         {
            model: "sterling connect:direct for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.6.0",
         },
         {
            model: "video surveillance 4300e/4500e high-definition ip cameras",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "smart update manager",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "6.4.1",
         },
         {
            model: "director",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.1",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.21",
         },
         {
            model: "system type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x3950x638370",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.3.6",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.85",
         },
         {
            model: "one-x communicator for mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "x1.0",
         },
         {
            model: "color laserjet multifunction printer series cb480a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "400046.380.3",
         },
         {
            model: "vm virtualbox 4.2.0-rc3",
            scope: null,
            trust: 0.3,
            vendor: "oracle",
            version: null,
         },
         {
            model: "color laserjet cm4540 mfp cc421a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.5.2",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.50",
         },
         {
            model: "color laserjet multifunction printer series cb482a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "400046.380.3",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.16",
         },
         {
            model: "sdn for virtual environments",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.1",
         },
         {
            model: "laserjet multifunction printer series q3944a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "43459.310.2",
         },
         {
            model: "watson explorer",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.0.3",
         },
         {
            model: "jabber video for ipad",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "junos 12.1x44-d26",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos os 13.2r5",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "communications policy management",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "12.1.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.51",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.3.8",
         },
         {
            model: "tivoli composite application manager for transactions",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.3.0",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.8.5",
         },
         {
            model: "jboss enterprise application platform",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "5.2",
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.3.2.2",
         },
         {
            model: "junos 10.4r14",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "51005.1",
         },
         {
            model: "laserjet printer series q5403a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "42508.250.2",
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.4",
         },
         {
            model: "linux powerpc",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "1.4",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.56",
         },
         {
            model: "big-ip apm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2",
         },
         {
            model: "webex connect client for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "vcsa",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "8.0.552.343",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2.12",
         },
         {
            model: "color laserjet printer series q5982a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "380046.80.8",
         },
         {
            model: "message networking",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2.4",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0.1",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.4",
         },
         {
            model: "junos pulse 4.0r5",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.1.12",
         },
         {
            model: "cognos planning fp3",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.1.1",
         },
         {
            model: "junos -d10",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.1x46",
         },
         {
            model: "p2 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "1810v10",
         },
         {
            model: "fortiauthenticator",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "3.0.2",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.28",
         },
         {
            model: "junos space 13.1r1.6",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "view client",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.3.1",
         },
         {
            model: "junos 10.0s25",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos 10.4r6",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "email and server security",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "10.00",
         },
         {
            model: "system dx360m2 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "73251.42",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1.13",
         },
         {
            model: "rational tau",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.3",
         },
         {
            model: "softco v200r001c01",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "linux ia-32",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.52",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.0.3",
         },
         {
            model: "color laserjet cm6040 multifunction printer q3939a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "52.256.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.18",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.28",
         },
         {
            model: "junos 10.4r11",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "413012.6",
         },
         {
            model: "epolicy orchestrator",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "5.1",
         },
         {
            model: "vsphere storage appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.1.3",
         },
         {
            model: "laserjet p4015 cb511a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.213.1",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "2.0",
         },
         {
            model: "security access manager for mobile",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "2.0.1",
         },
         {
            model: "flare experience for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.1.2",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.17",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.18",
         },
         {
            model: "junos 12.3r4-s2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.36",
         },
         {
            model: "agile controller v100r001c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "nip2000&5000 v100r002c10hp0001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "tapi service provider",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.29",
         },
         {
            model: "datafort s-series",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "4.4",
         },
         {
            model: "core",
            scope: "eq",
            trust: 0.3,
            vendor: "s u s e",
            version: "9",
         },
         {
            model: "junos r5",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "13.2",
         },
         {
            model: "russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "66020",
         },
         {
            model: "communication server 1000e signaling server",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.0",
         },
         {
            model: "management center",
            scope: "ne",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.2.1.1",
         },
         {
            model: "laserjet pro m401a/d/dn/dnw/dw/n cf274a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "40020150212",
         },
         {
            model: "telepresence isdn gw mse",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "83210",
         },
         {
            model: "emergency responder",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "smc2.0 v100r002c01b017sp16",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "linux powerpc",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.0",
         },
         {
            model: "blackberry link",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "1.2",
         },
         {
            model: "msr20-1x family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.77",
         },
         {
            model: "8.0-rc1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "aura conferencing standard",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.17",
         },
         {
            model: "one-x mobile ces for android",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "0",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.1.4",
         },
         {
            model: "system x3650m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "54541.42",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.0.7",
         },
         {
            model: "physical access gateways",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "system m5 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x325054580",
         },
         {
            model: "cognos insight standalone",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.2.2",
         },
         {
            model: "session border controller enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3.4",
         },
         {
            model: "junos 11.4r5-s2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "ive os 8.0r1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "unified ip phone",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "89410",
         },
         {
            model: "project openssl 0.9.8u",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "isoc v200r001c01spc101",
            scope: "eq",
            trust: 0.3,
            vendor: "huawei",
            version: "5000",
         },
         {
            model: "big-ip psm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.1",
         },
         {
            model: "prime network registrar",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.13",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.36",
         },
         {
            model: "junos os 12.1x44-d40",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "watson explorer",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.2.0",
         },
         {
            model: "fortiweb",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.3.1",
         },
         {
            model: "power",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7600",
         },
         {
            model: "system management homepage",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.3.3.1",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "31005.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.114",
         },
         {
            model: "real-time compression appliance",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "3.8.106",
         },
         {
            model: "lifetime key management software",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "security access manager for web appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.0",
         },
         {
            model: "vcenter converter standalone",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.1",
         },
         {
            model: "color laserjet cm4730 multifunction printer cb482a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "50.286.1",
         },
         {
            model: "10.0-beta",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "32.0.1700.95",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.22",
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2.1",
         },
         {
            model: "horizon workspace server gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.8.1",
         },
         {
            model: "documentum content server p06",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "7.1",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.0.3",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.89",
         },
         {
            model: "big-ip aam",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5",
         },
         {
            model: "junos 12.1r8-s2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "project openssl 1.0.0d",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "prime network analysis module",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "epolicy orchestrator",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "4.6",
         },
         {
            model: "project openssl 1.0.1e",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.07",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.56",
         },
         {
            model: "laserjet multifunction printer series q3945a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "43459.310.2",
         },
         {
            model: "websphere datapower xml accelerator xa35",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "5.0.0.15",
         },
         {
            model: "big-ip psm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.4",
         },
         {
            model: "executive scorecard",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.5",
         },
         {
            model: "bladesystem c-class onboard administrator",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "4.21",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.0.4",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.9.6",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.14",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.0.4",
         },
         {
            model: "isoc v200r001c00spc202",
            scope: "eq",
            trust: 0.3,
            vendor: "huawei",
            version: "3000",
         },
         {
            model: "family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "60000",
         },
         {
            model: "one-x client enablement services sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "small business isa500 series integrated security appliances",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "flare experience for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.1.1",
         },
         {
            model: "integrated management module ii",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "4.21",
         },
         {
            model: "netiq identity server",
            scope: "eq",
            trust: 0.3,
            vendor: "novell",
            version: "0",
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.3.0",
         },
         {
            model: "color laserjet enterprise cp4525 cc495a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.164.1",
         },
         {
            model: "junos 12.3r5",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.80",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 0.3,
            vendor: "winscp",
            version: "5.5.2",
         },
         {
            model: "real-time compression appliance",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "3.9.107",
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.3.28",
         },
         {
            model: "storevirtual hybrid san solution",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433511.5",
         },
         {
            model: "systems insight manager 7.3.0a",
            scope: null,
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "flex system p260 compute node",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7895-23x)0",
         },
         {
            model: "storevirtual 600gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.5",
         },
         {
            model: "laserjet enterprise mfp m630 series b3g84a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.4",
         },
         {
            model: "rational reporting for development intelligence",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.2",
         },
         {
            model: "sterling connect:enterprise for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.5",
         },
         {
            model: "arubaos",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "6.3",
         },
         {
            model: "unified ip phone",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "88310",
         },
         {
            model: "vcsa",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5",
         },
         {
            model: "color laserjet enterprise m750 d3l10a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.27",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.170",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.1.1",
         },
         {
            model: "idp 4.1r2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "horizon workspace client for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.8.1",
         },
         {
            model: "cognos business intelligence server",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.1.1",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.20",
         },
         {
            model: "big-iq device",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.2",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.1",
         },
         {
            model: "real-time compression appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.1.2",
         },
         {
            model: "laserjet m3035 multifunction printer cc476a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.1",
         },
         {
            model: "laserjet enterprise flow m830z mfp cf367a 2302963 436071",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "usg9500 usg9500 v300r001c01",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "power",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5750",
         },
         {
            model: "one-x client enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "linux sparc",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "config advisor",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "color laserjet cm4540 mfp cc420a 2302963 436067",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "color laserjet enterprise cp4525 cc494a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.164.1",
         },
         {
            model: "laserjet enterprise mfp m725 cf067a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1",
         },
         {
            model: "smartcloud provisioning",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.1",
         },
         {
            model: "color laserjet printer series q7492a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "470046.230.6",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.0.9",
         },
         {
            model: "eucalyptus",
            scope: "eq",
            trust: 0.3,
            vendor: "eucalyptus",
            version: "4.0",
         },
         {
            model: "tandberg codian mse model",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "83200",
         },
         {
            model: "uma v200r001c00spc200",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "color laserjet m680 cz249a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "laserjet m3035 multifunction printer cc477a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "isoc v200r001c00",
            scope: "eq",
            trust: 0.3,
            vendor: "huawei",
            version: "3000",
         },
         {
            model: "storevirtual 450gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.0",
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.4.1.0",
         },
         {
            model: "aura session manager sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2",
         },
         {
            model: "aura communication manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.1",
         },
         {
            model: "fortimanager",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.2",
         },
         {
            model: "simatic wincc oa",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "3.12",
         },
         {
            model: "forticlient",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.10",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.22",
         },
         {
            model: "eupp v100r001c10spc002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "rox",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "10",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2.8",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.0",
         },
         {
            model: "websphere datapower low latency appliance xm70",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "5.0.0.15",
         },
         {
            model: "project openssl 0.9.8m",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "cognos insight standalone fp2",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.2.1",
         },
         {
            model: "oncommand balance",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "epolicy orchestrator",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "5.0",
         },
         {
            model: "project openssl j",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8",
         },
         {
            model: "f1000a and s family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "rational application developer for websphere",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.1",
         },
         {
            model: "stunnel",
            scope: "ne",
            trust: 0.3,
            vendor: "stunnel",
            version: "5.02",
         },
         {
            model: "u200a and m family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.57",
         },
         {
            model: "sbr carrier",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.6",
         },
         {
            model: "flex system fc5022",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "850/8700",
         },
         {
            model: "officejet enterprise color c2s12a 2302963 436074",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "x555",
         },
         {
            model: "vios",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.2.0",
         },
         {
            model: "initiate master data service patient hub",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.7",
         },
         {
            model: "meeting exchange",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "storevirtual china hybrid storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433511.5",
         },
         {
            model: "storwize",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "v70000",
         },
         {
            model: "cognos tm1",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.5.2.3",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.11",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.4.2",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "oceanstor s5500t v100r005",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "videoscape anyres live",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.66",
         },
         {
            model: "junos d20",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: "12.1x46",
         },
         {
            model: "color laserjet cm4540 mfp cc419a 2302963 436067",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "4.3",
         },
         {
            model: "storevirtual 450gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.31",
         },
         {
            model: "vcenter converter standalone",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5",
         },
         {
            model: "infosphere master data management patient hub",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.0",
         },
         {
            model: "epolicy orchestrator",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "4.6.4",
         },
         {
            model: "hsr6602 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "wag310g wireless-g adsl2+ gateway with voip",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "documentum content server p07",
            scope: "ne",
            trust: 0.3,
            vendor: "emc",
            version: "7.1",
         },
         {
            model: "project openssl",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "1.0",
         },
         {
            model: "sterling connect:enterprise for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.44",
         },
         {
            model: "security threat response manager",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "2012.1",
         },
         {
            model: "jabber for android",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "image construction and composition tool",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.1.1",
         },
         {
            model: "unified wireless ip phone series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "29200",
         },
         {
            model: "one-x mobile for blackberry",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "0",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "9.5",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.50",
         },
         {
            model: "9.0-release-p6",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.14",
         },
         {
            model: "laserjet m4345 multifunction printer cb425a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.0.6",
         },
         {
            model: "websphere datapower soa appliance",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "6.07",
         },
         {
            model: "storevirtual 1tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.0",
         },
         {
            model: "ida pro",
            scope: "eq",
            trust: 0.3,
            vendor: "hex ray",
            version: "6.5",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2",
         },
         {
            model: "chrome for android",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "31.0",
         },
         {
            model: "big-ip edge gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.1",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.8",
         },
         {
            model: "junos space 14.1r1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.6",
         },
         {
            model: "upward integration modules for vmware vsphere",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "3.5",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "11.4x27.44",
         },
         {
            model: "prime optical for sps",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.9.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.22",
         },
         {
            model: "9.2-rc2",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433011.5",
         },
         {
            model: "color laserjet m651 cz255a 2302963 436073",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "si switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "51200",
         },
         {
            model: "scanjet enterprise document capture workstation l2717a 2302963 436065",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "8500",
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.19",
         },
         {
            model: "laserjet p4015 cb510a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.213.1",
         },
         {
            model: "flare experience for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.1.5",
         },
         {
            model: "initiate master data service",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.5",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.99",
         },
         {
            model: "cognos metrics manager",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.2",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.168",
         },
         {
            model: "icewall sso agent option",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8.02007",
         },
         {
            model: "cloudsystem foundation",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8.0.2",
         },
         {
            model: "9.0-rc3",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "junos 13.3r2-s2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "open systems snapvault",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.41",
         },
         {
            model: "junos 12.1r5",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "security network intrusion prevention system gx4004-v2",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "documentum content server",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "7.1",
         },
         {
            model: "vcd",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.6.2",
         },
         {
            model: "system type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x3850x638370",
         },
         {
            model: "storevirtual 600gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.6",
         },
         {
            model: "smart call home",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "elan",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "8.3.3",
         },
         {
            model: "oncommand unified manager core package",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.2",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.0.1",
         },
         {
            model: "project openssl beta5",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "1.0.0",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.1.3",
         },
         {
            model: "laserjet enterprise color mfp m575dn cd645a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "5000",
         },
         {
            model: "big-ip edge gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.4",
         },
         {
            model: "system x3250m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "42511.42",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.3",
         },
         {
            model: "insight control server deployment",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.2.0",
         },
         {
            model: "laserjet enterprise m806 cz245a 2302963 436075",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "storevirtual 3tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.5",
         },
         {
            model: "fortimanager",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "3.0",
         },
         {
            model: "linerate",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "2.2.4",
         },
         {
            model: "suse core for",
            scope: "eq",
            trust: 0.3,
            vendor: "s u s e",
            version: "9x86",
         },
         {
            model: "ecns610 v100r003c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "big-ip wom",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.1.0",
         },
         {
            model: "sdk for node.js",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.1.0.3",
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2",
         },
         {
            model: "junos 13.2r5",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "documentum content server sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "6.7",
         },
         {
            model: "horizon workspace server data",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.8.1",
         },
         {
            model: "chrome for android",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "18.0.1025308",
         },
         {
            model: "9.0-rc1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "aura messaging",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.81",
         },
         {
            model: "storage encryption",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.4",
         },
         {
            model: "laserjet m3027 multifunction printer cb416a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "storevirtual china hybrid san solution",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433511.5",
         },
         {
            model: "chrome for android",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "32.0.1700.99",
         },
         {
            model: "junos 12.3r6",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.108",
         },
         {
            model: "xenclient enterprise",
            scope: "ne",
            trust: 0.3,
            vendor: "citrix",
            version: "5.1.3",
         },
         {
            model: "vios",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.0.13",
         },
         {
            model: "laserjet enterprise mfp m630 series b3g84a 2303714 233000041",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "netscaler ipmi/lom interface",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "0",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "6.2",
         },
         {
            model: "8.4-release-p8",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "msr20 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "colorqube ps",
            scope: "eq",
            trust: 0.3,
            vendor: "xerox",
            version: "85704.76.0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.9.9",
         },
         {
            model: "oceanstor s6800t v100r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "color laserjet m680 cz249a 2302963 436072",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.62",
         },
         {
            model: "servicecenter",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6.2",
         },
         {
            model: "bladesystem c-class virtual connect",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.30",
         },
         {
            model: "sparc m10-4s",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "0",
         },
         {
            model: "fortiauthenticator build",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "3.1.060",
         },
         {
            model: "laserjet enterprise m601 series ce990a 2302963 436082",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "600",
         },
         {
            model: "switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "129000",
         },
         {
            model: "snapdrive for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1",
         },
         {
            model: "vcenter support assistant",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "5.4",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.14",
         },
         {
            model: "enterprise linux workstation",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6",
         },
         {
            model: "chrome for android",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "33.0",
         },
         {
            model: "sbr carrier 7.6.0-r10",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.56",
         },
         {
            model: "hsr6800 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "laserjet printer series q7552a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "52008.241",
         },
         {
            model: "scanjet enterprise document capture workstation l2717a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "85000",
         },
         {
            model: "project openssl 0.9.8m beta1",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.39",
         },
         {
            model: "clearpass",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "6.3.0",
         },
         {
            model: "bladecenter js23/js43",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7778-23x)0",
         },
         {
            model: "enterprise linux desktop client",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "5",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.1",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "4.3",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.1.185",
         },
         {
            model: "security network intrusion prevention system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.4",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.2",
         },
         {
            model: "project openssl 0.9.8q",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "sterling connect:express for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.5.0.11",
         },
         {
            model: "laserjet printer series q3721a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "9040/90508.260.3",
         },
         {
            model: "flex system fabric en4093 10gb scalable switch",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.8.4.0",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.0.5",
         },
         {
            model: "manageone v100r002c10 spc320",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.10",
         },
         {
            model: "freebsd",
            scope: "eq",
            trust: 0.3,
            vendor: "freebsd",
            version: "9.2",
         },
         {
            model: "svn2200 v200r001c01spc600",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "rational application developer for websphere",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.1.0.1",
         },
         {
            model: "aura presence services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "messagesight server",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.1",
         },
         {
            model: "secblade iii",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "safe profile",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "0",
         },
         {
            model: "jabber software development kit",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.79",
         },
         {
            model: "junos 13.1r3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "8.0",
         },
         {
            model: "laserjet m5035 multifunction printer q7830a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "jetdirect 640n eio card j8025a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "45.35",
         },
         {
            model: "junos 13.2r5",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "big-ip aam",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.4.1",
         },
         {
            model: "storwize unified",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "v70001.4",
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.3.2.2",
         },
         {
            model: "vdi-in-a-box",
            scope: "ne",
            trust: 0.3,
            vendor: "citrix",
            version: "5.4.4",
         },
         {
            model: "itbm standard",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.0",
         },
         {
            model: "websphere datapower soa appliance",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "7.00",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1.1.2",
         },
         {
            model: "ssl for openvms",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "1.4-467",
         },
         {
            model: "color laserjet cp3525 cc469a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "junos 13.1r4-s2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "5.2",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "3.1.11",
         },
         {
            model: "fortivoiceos build",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "3.0.3165",
         },
         {
            model: "laserjet enterprise color m551 series cf082a 2302963 436083",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "500",
         },
         {
            model: "secure analytics",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "2013.2",
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473011.5",
         },
         {
            model: "flare experience for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.1.4",
         },
         {
            model: "eupp v100r001c10",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.3.2",
         },
         {
            model: "security network intrusion prevention system gx6116",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "flex system fabric si4093 system interconnect module",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.8.4.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.17",
         },
         {
            model: "big-ip edge gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.1",
         },
         {
            model: "laserjet printer series q3722a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "9040/90508.260.3",
         },
         {
            model: "sterling connect:direct for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.5.00",
         },
         {
            model: "junos pulse 5.0r1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.14",
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.2",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.22",
         },
         {
            model: "telepresence system",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "13000",
         },
         {
            model: "enterprise linux eus 5.9.z server",
            scope: null,
            trust: 0.3,
            vendor: "redhat",
            version: null,
         },
         {
            model: "communications policy management",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "9.7.3",
         },
         {
            model: "laserjet p4515 cb516a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "linerate",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "2.2.3",
         },
         {
            model: "uma-db v2r1coospc101",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "security information and event management hf6",
            scope: "ne",
            trust: 0.3,
            vendor: "mcafee",
            version: "9.2.2",
         },
         {
            model: "management center",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.2",
         },
         {
            model: "project openssl 0.9.8g",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "telepresence exchange system",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "datafort management console",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "cms r17",
            scope: null,
            trust: 0.3,
            vendor: "avaya",
            version: null,
         },
         {
            model: "usg9300 usg9300 v100r003c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.05",
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.3.2",
         },
         {
            model: "f1000e family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "7",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.113",
         },
         {
            model: "laserjet enterprise m601 series ce989a 2302963 436082",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "600",
         },
         {
            model: "sterling file gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2",
         },
         {
            model: "oncommand unified manager core package 5.2.1p1",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "freebsd",
            scope: "eq",
            trust: 0.3,
            vendor: "freebsd",
            version: "9.0",
         },
         {
            model: "junos 11.4r6.6",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.40",
         },
         {
            model: "family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "19200",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "5.3",
         },
         {
            model: "color laserjet cm4540 mfp cc419a",
            scope: null,
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7600-",
         },
         {
            model: "blackberry enterprise service",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.1.3",
         },
         {
            model: "vsphere replication",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.6",
         },
         {
            model: "espace u2990 v200r001c02",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "msr93x russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "big-ip edge gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.1",
         },
         {
            model: "airwave",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "0",
         },
         {
            model: "rational reporting for development intelligence",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.01",
         },
         {
            model: "big data extensions",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.1",
         },
         {
            model: "storevirtual 3tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.6",
         },
         {
            model: "linux arm",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "junos space 12.3r1.3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "dsr-1000n rev. a1",
            scope: null,
            trust: 0.3,
            vendor: "d link",
            version: null,
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.19",
         },
         {
            model: "junos 11.2r1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "svn5500 v200r001c01spc600",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "msr50 russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "blackberry os",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.2.0.1055",
         },
         {
            model: "laserjet m5025 multifunction printer q7840a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "flex system p260 compute node",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7895-22x)0",
         },
         {
            model: "tivoli netcool/system service monitor",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.1",
         },
         {
            model: "snapdrive for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.2.2",
         },
         {
            model: "jabber voice for android",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "onepk all-in-one vm",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "idp 4.2r1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "virtuozzo containers for linux",
            scope: "eq",
            trust: 0.3,
            vendor: "parallels",
            version: "4.7",
         },
         {
            model: "proxysgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.5",
         },
         {
            model: "junos 12.1r3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "laserjet enterprise m603 series ce994a 2302963 436082",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "600",
         },
         {
            model: "vsphere support assistant",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.37",
         },
         {
            model: "airwave",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "7.2",
         },
         {
            model: "webex meetings server",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "1.0",
         },
         {
            model: "laserjet enterprise m806 cz245a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "big-ip ltm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.1.0",
         },
         {
            model: "color laserjet printer series q7493a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "470046.230.6",
         },
         {
            model: "msr50 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "proxysg sgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "4.0",
         },
         {
            model: "linerate",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "1.6.3",
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.61",
         },
         {
            model: "version control repository manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.2",
         },
         {
            model: "tivoli netcool/system service monitor fp6",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.41",
         },
         {
            model: "communication server 1000e signaling server",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.6",
         },
         {
            model: "8.4-rc1-p1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "junos 10.0s28",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "algo one",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.9",
         },
         {
            model: "aix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.1",
         },
         {
            model: "isoc v200r001c02",
            scope: "eq",
            trust: 0.3,
            vendor: "huawei",
            version: "9000",
         },
         {
            model: "aura system manager sp2",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "color laserjet cp6015 q3931a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "security information and event management",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "9.1",
         },
         {
            model: "color laserjet enterprise cp4525 cc493a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "10.0-release-p4",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.0.4",
         },
         {
            model: "smartcloud entry",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.1",
         },
         {
            model: "content analysis system software",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.1.4.2",
         },
         {
            model: "ddos secure",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "0",
         },
         {
            model: "utm",
            scope: "eq",
            trust: 0.3,
            vendor: "sophos",
            version: "9.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.40",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.07",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1183.0",
         },
         {
            model: "ip office server edition",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "8.1",
         },
         {
            model: "ssl visibility",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "3.7",
         },
         {
            model: "fortigate build",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.2.0589",
         },
         {
            model: "tivoli storage flashcopy manager",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.18",
         },
         {
            model: "junos os 12.3r8",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "cms r17 r3",
            scope: null,
            trust: 0.3,
            vendor: "avaya",
            version: null,
         },
         {
            model: "horizon workspace",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.8.1",
         },
         {
            model: "enterprise manager",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "2.0",
         },
         {
            model: "message networking",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2",
         },
         {
            model: "websphere datapower b2b appliance xb62",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "6.0.1.3",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.3.10",
         },
         {
            model: "color laserjet cm6030 multifunction printer ce665a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "52.256.1",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.16",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.5",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.79",
         },
         {
            model: "manageability sdk",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.1",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.0",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.0.3",
         },
         {
            model: "freebsd",
            scope: "eq",
            trust: 0.3,
            vendor: "freebsd",
            version: "10",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.1.13",
         },
         {
            model: "hp-ux b.11.23",
            scope: null,
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "big-ip pem",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5.1",
         },
         {
            model: "security network intrusion prevention system gx5108",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "fortiwifi",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "0",
         },
         {
            model: "vcenter server",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5",
         },
         {
            model: "vix api",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.12",
         },
         {
            model: "storevirtual fc 900gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433011.5",
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.16",
         },
         {
            model: "junos 5.0r4",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5",
         },
         {
            model: "fortiap",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "0",
         },
         {
            model: "tivoli workload scheduler for applications",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.6",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.03",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.33",
         },
         {
            model: "big-ip analytics",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2",
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.3.2.3",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "3.1.9",
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "6.4",
         },
         {
            model: "storevirtual 900gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "3.3",
         },
         {
            model: "web security gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.8.1",
         },
         {
            model: "oncommand workflow automation",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "i v5r3",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.2",
         },
         {
            model: "vsphere replication",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5.1",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.02",
         },
         {
            model: "clearpass",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "6.1.3",
         },
         {
            model: "uacos c5.0r4.1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "laserjet enterprise p3015 ce525a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "junos 13.1r.3-s1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "webex messenger service",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "web filter",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.8.3",
         },
         {
            model: "project openssl",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.6",
         },
         {
            model: "snapdrive for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "33.0.1750.152",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.1.2",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "5.6",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.10",
         },
         {
            model: "aix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.3",
         },
         {
            model: "family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "3100v20",
         },
         {
            model: "laserjet p2055 printer series ce459a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "20141201",
         },
         {
            model: "color laserjet cm4730 multifunction printer cb483a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "proxysg sgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.3",
         },
         {
            model: "netscaler build",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "9.196.4",
         },
         {
            model: "real-time compression appliance",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "4.1.203",
         },
         {
            model: "fortiweb",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.3",
         },
         {
            model: "project openssl",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8x",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.23",
         },
         {
            model: "logcenter v200r003c10",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "dynamic system analysis",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "9.61",
         },
         {
            model: "dgs-1210-28",
            scope: "eq",
            trust: 0.3,
            vendor: "d link",
            version: "4.00.012",
         },
         {
            model: "ssl vpn 7.4r11.1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.20",
         },
         {
            model: "laserjet enterprise m601 series ce989a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6000",
         },
         {
            model: "telepresence supervisor mse",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "80500",
         },
         {
            model: "initiate master data service provider hub",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.5",
         },
         {
            model: "network connect",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.3.0.13725",
         },
         {
            model: "infosphere master data management server",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "11.3",
         },
         {
            model: "rational insight",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.1.11",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.152",
         },
         {
            model: "color laserjet printer series q7534a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "300046.80.2",
         },
         {
            model: "horizon workspace client for mac",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.8.1",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.51",
         },
         {
            model: "rational build forge",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.0.2",
         },
         {
            model: "storevirtual 3tb mdl sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.5",
         },
         {
            model: "netiq access manager",
            scope: "eq",
            trust: 0.3,
            vendor: "novell",
            version: "4.0",
         },
         {
            model: "flex system enterprise chassis",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7893",
         },
         {
            model: "big-ip psm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2",
         },
         {
            model: "watson explorer",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "9.0.4",
         },
         {
            model: "s7700&s9700 v200r005",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "flare experience for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.1",
         },
         {
            model: "netiq access manager",
            scope: "eq",
            trust: 0.3,
            vendor: "novell",
            version: "3.2",
         },
         {
            model: "application networking manager",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "command view for tape libraries",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "sparc enterprise m8000 xcp",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "1117",
         },
         {
            model: "oceanstor s2600t v100r005c30spc100",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "laserjet enterprise color mfp m575dn cd645a 2302963 436081",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "500",
         },
         {
            model: "junos 12.1x45-d15",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "webex meetings server",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "2.0",
         },
         {
            model: "tivoli workload scheduler distributed fp03",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.5",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.4",
         },
         {
            model: "project openssl 1.0.1h",
            scope: "ne",
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "fortiweb",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.1.2",
         },
         {
            model: "storevirtual 450gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.5",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.0.4",
         },
         {
            model: "9.2-rc1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "systems director storage control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.2.0",
         },
         {
            model: "msr30-16 russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "jabber for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "fortiwifi build",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.2.0589",
         },
         {
            model: "laserjet enterprise color m855 a2w77a 2302963 436076",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "800",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.4",
         },
         {
            model: "puredata system for hadoop",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.01",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.9.3",
         },
         {
            model: "telepresence video communication server",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "cloudsystem chargeback",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.40",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "3.1.10",
         },
         {
            model: "blackberry os",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.1.0.2354",
         },
         {
            model: "one-x communicator for mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "x1.0.3",
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "7.0",
         },
         {
            model: "aura application server sip core pb3",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "53003.0",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "4.3.3",
         },
         {
            model: "netiq access gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "novell",
            version: "0",
         },
         {
            model: "security analytics platform",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.6",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.2",
         },
         {
            model: "idp",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "4.1",
         },
         {
            model: "security threat response manager 2012.1r8",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "project openssl 1.0.0f",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "unified ip phone",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "99710",
         },
         {
            model: "linux lts i386",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "12.04",
         },
         {
            model: "project openssl d",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8",
         },
         {
            model: "storevirtual fc 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.0",
         },
         {
            model: "laserjet m3027 multifunction printer cc479a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "sparc enterprise m3000 xcp",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "1117",
         },
         {
            model: "color laserjet cp6015 q3932a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "53.236.1",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.1",
         },
         {
            model: "version control repository manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.3.1",
         },
         {
            model: "websphere mq",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.3",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "2.0",
         },
         {
            model: "enterprise linux long life server",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "5.6",
         },
         {
            model: "laserjet enterprise mfp m525f cf117a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "5000",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "0.9.134.14",
         },
         {
            model: "management center",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.0",
         },
         {
            model: "ftp server",
            scope: "ne",
            trust: 0.3,
            vendor: "cerberus",
            version: "7.0.0.3",
         },
         {
            model: "junos 11.1r4",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "ata analog telephone adaptor",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "1870",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "2.0.2",
         },
         {
            model: "project openssl 1.0.0b",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "vios",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.1.1",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.4",
         },
         {
            model: "fortimail",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.7",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.2",
         },
         {
            model: "expressway series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2.6",
         },
         {
            model: "fortiweb",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.4",
         },
         {
            model: "storage management initiative specification providers fo",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "57100",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.1",
         },
         {
            model: "storevirtual 1tb mdl sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.0",
         },
         {
            model: "msr30-1x russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.15",
         },
         {
            model: "proventia network security controller",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.1209",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.79",
         },
         {
            model: "puremessage for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "sophos",
            version: "4.04",
         },
         {
            model: "junos 11.4r5.5",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "cognos business intelligence",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.4.1",
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.74",
         },
         {
            model: "laserjet enterprise p3015 ce595a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "laserjet p4515 cb514a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.213.1",
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.3.0.0",
         },
         {
            model: "big-ip edge gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.3",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.1.2",
         },
         {
            model: "smartcloud entry",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.2",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.03",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2.2",
         },
         {
            model: "aura system manager sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "aura communication manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "4.0",
         },
         {
            model: "clustered data ontap antivirus connector",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0",
         },
         {
            model: "sterling connect:direct",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.5",
         },
         {
            model: "netscaler build",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "9.070.5",
         },
         {
            model: "content analysis system software",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.1.1.1",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.1.11",
         },
         {
            model: "security information and event management ga",
            scope: "ne",
            trust: 0.3,
            vendor: "mcafee",
            version: "9.4.0",
         },
         {
            model: "junos 11.4r12-s1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "7.2.4",
         },
         {
            model: "family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "125000",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "13.2",
         },
         {
            model: "8.4-beta1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.55",
         },
         {
            model: "officejet enterprise color c2s11a 2302963 436074",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "x555",
         },
         {
            model: "web appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "symantec",
            version: "3.9.0.0",
         },
         {
            model: "tsm v100r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "project openssl f",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.3.12",
         },
         {
            model: "msr30-16 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "imc ead",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.00",
         },
         {
            model: "rational tau",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.31",
         },
         {
            model: "laserjet m5035 multifunction printer q7829a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "fortios b064",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "2.1.5-1",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.12",
         },
         {
            model: "mysql",
            scope: "ne",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.20",
         },
         {
            model: "laserjet p4015 cb509a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.213.1",
         },
         {
            model: "usg9500 v300r001c20sph102",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x353071600",
         },
         {
            model: "initiate master data service patient hub",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.5",
         },
         {
            model: "storevirtual fc 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433011.5",
         },
         {
            model: "laserjet m3035 multifunction printer cb414a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.25",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "11.4x27.43",
         },
         {
            model: "systems insight manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.2",
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.13",
         },
         {
            model: "asa cx context-aware security",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "color laserjet cp5525 ce709a 2302963 436070",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "horizon workspace client for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.5",
         },
         {
            model: "web filter",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.7",
         },
         {
            model: "project openssl 1.0.1d",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.52",
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.5",
         },
         {
            model: "unified im and presence services",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "big-ip pem",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.3",
         },
         {
            model: "junos 11.4r7-s1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.0",
         },
         {
            model: "junos d10",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.1x47",
         },
         {
            model: "security network intrusion prevention system gv200",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "laserjet enterprise color mfp m880 a2w75a 2302963 436068",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "800",
         },
         {
            model: "elog v100r003c01spc503",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "rational reporting for development intelligence",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.0.3",
         },
         {
            model: "system storage ts3400 tape library",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0040",
         },
         {
            model: "telepresence server on multiparty media",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3100",
         },
         {
            model: "cit",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.40",
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x357087520",
         },
         {
            model: "flex system fabric en4093r 10gb scalable switch",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.8.4.0",
         },
         {
            model: "s5900 v100r005",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "scanjet enterprise document capture workstation l2719a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "85000",
         },
         {
            model: "fortiweb",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.2.0",
         },
         {
            model: "s6900 v100r005",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "web security gateway anywhere",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.7.3",
         },
         {
            model: "storevirtual hybrid storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.5",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.1",
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.3.1",
         },
         {
            model: "storevirtual 3tb mdl sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.6",
         },
         {
            model: "storevirtual fc 900gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.5",
         },
         {
            model: "proactive contact",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.0",
         },
         {
            model: "junos 12.1r11",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "ip office application server",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "8.1",
         },
         {
            model: "fusionsphere v100r003",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "5.0.5",
         },
         {
            model: "websphere datapower soa appliance",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "5.015",
         },
         {
            model: "tsm v100r002c07spc219",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "vma san gateway g5.5.1.3",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "network connect",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.4.0.14619",
         },
         {
            model: "one-x mobile lite for android",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.173",
         },
         {
            model: "smartcloud provisioning",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.3",
         },
         {
            model: "system dx360m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "63911.42",
         },
         {
            model: "espace iad v300r002c01",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "sterling connect:direct",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.6",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.4",
         },
         {
            model: "documentum content server sp1 p28",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "6.7",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.24",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.2",
         },
         {
            model: "prime collaboration provisioning",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "10.5",
         },
         {
            model: "real-time compression appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.8",
         },
         {
            model: "security network intrusion prevention system gx7412-10",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "fortianalyzer",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.7",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.45",
         },
         {
            model: "arubaos",
            scope: "ne",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "6.4.1.0",
         },
         {
            model: "cognos express",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.5",
         },
         {
            model: "-release-p5",
            scope: "eq",
            trust: 0.3,
            vendor: "freebsd",
            version: "8.0",
         },
         {
            model: "color laserjet cp6015 q3931a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "53.236.1",
         },
         {
            model: "9.2-rc3-p1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "mac os server",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.7.5",
         },
         {
            model: "aura communication manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.0.1",
         },
         {
            model: "laserjet p3005 printer series q7815a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "2.190.3",
         },
         {
            model: "datafort fc-series",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "aura system platform",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.1.0.9",
         },
         {
            model: "vcac",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "6.0.1",
         },
         {
            model: "vcenter site recovery manager",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5.1",
         },
         {
            model: "power express",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7200",
         },
         {
            model: "unified communications manager",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "laserjet printer series q5408a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "43508.250.2",
         },
         {
            model: "s2750&s5700&s6700 v200r003",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "xiv storage system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "281011.3",
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.0",
         },
         {
            model: "4210g switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "aura application server sip core",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "53003.0",
         },
         {
            model: "aura application server sip core pb25",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "53002.0",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.1.4",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.3.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.8",
         },
         {
            model: "junos r1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: "14.1",
         },
         {
            model: "laserjet enterprise m603 series ce995a 2302963 436082",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "600",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.118",
         },
         {
            model: "unified series ip phones",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "79000",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.88",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.4.3",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.95",
         },
         {
            model: "tivoli netcool/system service monitor fp3",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "aura experience portal",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0.1",
         },
         {
            model: "aura experience portal sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "hyperdp v200r001c09spc501",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "aura messaging",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "ei switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "55000",
         },
         {
            model: "nsx for multi-hypervisor",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "4.0.3",
         },
         {
            model: "toolscenter suite",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.52",
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x355079140",
         },
         {
            model: "integrated lights out manager",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.3",
         },
         {
            model: "utm",
            scope: "ne",
            trust: 0.3,
            vendor: "sophos",
            version: "9.203",
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "7.3.1.1",
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453011.5",
         },
         {
            model: "telepresence",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "13100",
         },
         {
            model: "project openssl 1.0.1b",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "project openssl 1.0.0k",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "laserjet enterprise mfp m725 cf069a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "aura system platform sp3",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.9.10",
         },
         {
            model: "laserjet printer series q7784a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "42408.250.2",
         },
         {
            model: "switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "59000",
         },
         {
            model: "project metasploit framework",
            scope: "ne",
            trust: 0.3,
            vendor: "metasploit",
            version: "4.9.3",
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.4.3.0",
         },
         {
            model: "usg2000 v300r001c10spc200",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.86",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "3.1.12",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.3.3",
         },
         {
            model: "aura conferencing",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.0",
         },
         {
            model: "project metasploit framework",
            scope: "eq",
            trust: 0.3,
            vendor: "metasploit",
            version: "4.9.2",
         },
         {
            model: "cloudsystem enterprise software",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "8.1",
         },
         {
            model: "storevirtual 600gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "413012.5",
         },
         {
            model: "switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "75000",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.1",
         },
         {
            model: "aura system platform sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "watson explorer security",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.2",
         },
         {
            model: "centos",
            scope: "eq",
            trust: 0.3,
            vendor: "centos",
            version: "6",
         },
         {
            model: "junos r12",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "11.4",
         },
         {
            model: "websphere datapower low latency appliance xm70",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.0.0",
         },
         {
            model: "fortiweb",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.1.4",
         },
         {
            model: "9.0-release",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "epolicy orchestrator",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "4.6.7",
         },
         {
            model: "storevirtual 900gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.0",
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2.1",
         },
         {
            model: "aura communication manager utility services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "laserjet enterprise mfp m725 cf068a 2302963 436078",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.59",
         },
         {
            model: "laserjet enterprise mfp m725 cf068a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10500",
         },
         {
            model: "flare experience for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.1.3",
         },
         {
            model: "laserjet enterprise color mfp m575dn cd644a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "5000",
         },
         {
            model: "linux",
            scope: null,
            trust: 0.3,
            vendor: "gentoo",
            version: null,
         },
         {
            model: "junos os 14.1r1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "snapdrive for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1",
         },
         {
            model: "8.4-release-p7",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "operations analytics",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "2.1",
         },
         {
            model: "color laserjet cp3505 printer series cb442a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "3.160.2",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.2",
         },
         {
            model: "clustered data ontap antivirus connector",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.1",
         },
         {
            model: "rational tau",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.32",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.42",
         },
         {
            model: "big-ip pem",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.4.1",
         },
         {
            model: "big-ip ltm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5",
         },
         {
            model: "aura utility services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "e-business suite 11i",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "11.5.10.2",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.6",
         },
         {
            model: "laserjet printer series q5400a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "42508.250.2",
         },
         {
            model: "aix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "6.0.1",
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x357087220",
         },
         {
            model: "blackberry enterprise service",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.2.0",
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "9.3",
         },
         {
            model: "laserjet printer series q7546a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "52008.241",
         },
         {
            model: "command view for tape libraries",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "3.8",
         },
         {
            model: "big-iq security",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.1",
         },
         {
            model: "unified contact center express",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "aura communication manager utility services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3",
         },
         {
            model: "laserjet printer series q7547a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "52008.241",
         },
         {
            model: "svn5500 v200r001c01hp0001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "project openssl beta2",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "1.0.1",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.01",
         },
         {
            model: "rox",
            scope: "ne",
            trust: 0.3,
            vendor: "siemens",
            version: "22.6",
         },
         {
            model: "ip office application server",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "9.0",
         },
         {
            model: "power ps701",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "color laserjet m651 cz256a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.012",
         },
         {
            model: "agent desktop for cisco unified contact center enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "5.0.8",
         },
         {
            model: "vdi communicator",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.0.3",
         },
         {
            model: "oceanstor s5500t v100r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "laserjet enterprise mfp m725 cf066a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "proxysgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.1",
         },
         {
            model: "laserjet enterprise mfp m630 series b3g85a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "one-x communicator for mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "x1.0.1",
         },
         {
            model: "aura messaging sp4",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "telepresence profile series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "5.0.3",
         },
         {
            model: "espace iad v300r001c07",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "software foundation python",
            scope: "eq",
            trust: 0.3,
            vendor: "python",
            version: "3.4",
         },
         {
            model: "storevirtual 900gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433011.5",
         },
         {
            model: "laserjet enterprise color m775 series cf304a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7000",
         },
         {
            model: "9.2-rc1-p2",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "413012.5",
         },
         {
            model: "big-ip ltm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.119",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "11.2",
         },
         {
            model: "iq",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.1",
         },
         {
            model: "laserjet printer series q5402a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "42508.250.2",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2.7",
         },
         {
            model: "msr30-1x family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "vcloud networking and security",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5.2",
         },
         {
            model: "color laserjet printer series q7491a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "470046.230.6",
         },
         {
            model: "4510g switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.0.6",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.3.5",
         },
         {
            model: "laserjet m3035 multifunction printer cb414a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "dsr-1000 rev. a1",
            scope: null,
            trust: 0.3,
            vendor: "d link",
            version: null,
         },
         {
            model: "operations automation",
            scope: "eq",
            trust: 0.3,
            vendor: "parallels",
            version: "5.0",
         },
         {
            model: "websphere datapower soa appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.1",
         },
         {
            model: "version control repository manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.3.4",
         },
         {
            model: "aura application server sip core",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "53002.1",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.0.5",
         },
         {
            model: "linerate",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "1.6.2",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.9",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 0.3,
            vendor: "winscp",
            version: "5.1.1",
         },
         {
            model: "one-x mobile lite for iphone",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "0",
         },
         {
            model: "documentum content server sp2 p16",
            scope: "ne",
            trust: 0.3,
            vendor: "emc",
            version: "6.7",
         },
         {
            model: "sparc enterprise m5000 xcp",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "1117",
         },
         {
            model: "project openssl 1.0.0a",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "junos 12.1x44-d15",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2.4",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "4.3.2",
         },
         {
            model: "database and middleware automation",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "10.20",
         },
         {
            model: "laserjet enterprise color mfp m575dn cd644a 2302963 436081",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "500",
         },
         {
            model: "video surveillance series ip cameras",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "30000",
         },
         {
            model: "network connect",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.0.0.12875",
         },
         {
            model: "power system s822",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "network connect 8.0r1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.3.21-21",
         },
         {
            model: "junos pulse for android",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.22",
         },
         {
            model: "system x3550m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "79441.42",
         },
         {
            model: "sterling connect:express for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.5.0.9",
         },
         {
            model: "storevirtual 1tb mdl china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.5",
         },
         {
            model: "proactive network operations center",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "algo audit and compliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.1.0.2",
         },
         {
            model: "project openssl 0.9.8f",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.40",
         },
         {
            model: "airwave",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "7.2.2",
         },
         {
            model: "vfabric application director",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.2",
         },
         {
            model: "color laserjet printer series q5981a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "380046.80.8",
         },
         {
            model: "enterprise virtualization",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "3",
         },
         {
            model: "junos 11.2r2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "malware analysis appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "4.1",
         },
         {
            model: "ip video phone e20",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "1.2.2",
         },
         {
            model: "version control repository manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.2.2",
         },
         {
            model: "blackberry enterprise service",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.1.2.6",
         },
         {
            model: "junos 10.2r2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "storevirtual 900gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433011.5",
         },
         {
            model: "proxysg sgos",
            scope: "ne",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.5.4.4",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.5",
         },
         {
            model: "project openssl beta3",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "1.0.1",
         },
         {
            model: "mate products",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.2",
         },
         {
            model: "websphere datapower xml accelerator xa35",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.0.0.8",
         },
         {
            model: "project openssl 1.0.1a",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "laserjet pro m401a/d/dn/dnw/dw/n cz195a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "40020150212",
         },
         {
            model: "integrity sd2 cb900s i2 and i4 server",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "3.7.98",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.010",
         },
         {
            model: "flex system p260",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.4",
         },
         {
            model: "storevirtual 4tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.5",
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "big-ip wom",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.0",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "3.1.9",
         },
         {
            model: "firepass",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "7.0",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.37",
         },
         {
            model: "pulse desktop 4.0r11.1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "srg1200&2200&3200 v100r002c02hp0001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "laserjet p4015 cb510a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.1.2",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.0.2",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6",
         },
         {
            model: "security network intrusion prevention system gx3002",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.8",
         },
         {
            model: "sterling connect:enterprise for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.4",
         },
         {
            model: "meeting exchange sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.1",
         },
         {
            model: "ive os 7.4r6",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos 13.3r3",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "nexus series switches",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "56000",
         },
         {
            model: "puredata system for hadoop",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.00",
         },
         {
            model: "utm manager",
            scope: "eq",
            trust: 0.3,
            vendor: "sophos",
            version: "4.1",
         },
         {
            model: "linux amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.29",
         },
         {
            model: "laserjet printer series q7699a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "9040/90508.260.3",
         },
         {
            model: "messaging secure gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "7.5",
         },
         {
            model: "junos 12.1x44-d35",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.5.5",
         },
         {
            model: "jabber guest",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.23",
         },
         {
            model: "m220 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.03",
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "77009.7",
         },
         {
            model: "8.4-release-p9",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "web security appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.0.2",
         },
         {
            model: "s2750&s5700&s6700 v200r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "unified agent",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "4.1",
         },
         {
            model: "switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "58300",
         },
         {
            model: "jetdirect 695n eio card j8024a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "41.16",
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "7.3.2",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.3",
         },
         {
            model: "laserjet printer series q5410a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "43508.250.2",
         },
         {
            model: "espace u19** v100r001c10",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "data recovery",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "2.0.3",
         },
         {
            model: "content security management appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.3.1",
         },
         {
            model: "uma v200r001c00spc100",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "communications policy management",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "9.9.1",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "1.0",
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x350073830",
         },
         {
            model: "storevirtual 450gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.6",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.3",
         },
         {
            model: "image construction and composition tool",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.3.1.0",
         },
         {
            model: "idatplex dx360 m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "79120",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.21",
         },
         {
            model: "cms r16",
            scope: null,
            trust: 0.3,
            vendor: "avaya",
            version: null,
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2.4",
         },
         {
            model: "telepresence content server",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "color laserjet m651 cz256a 2302963 436073",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "oceanstor s6800t v100r005",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "aura system platform sp2",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "project openssl 0.9.8w",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "junos 12.1x47-d10",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "fortisandbox",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.12",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.121",
         },
         {
            model: "digital media players series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "44000",
         },
         {
            model: "vdi communicator",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "1.0.1",
         },
         {
            model: "color laserjet printer series q7494a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "470046.230.6",
         },
         {
            model: "switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "119000",
         },
         {
            model: "secure analytics 2014.2r3",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.5",
         },
         {
            model: "power ps704 blade",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7891-74x)0",
         },
         {
            model: "storevirtual 450gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.120",
         },
         {
            model: "flashsystem 9843-ae1",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "840",
         },
         {
            model: "laserjet enterprise mfp m725 cf067a 2302963 436078",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "laserjet enterprise p3015 ce525a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.186.1",
         },
         {
            model: "nsx for vsphere",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "6.0.4",
         },
         {
            model: "junos 13.1r3-s1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.24",
         },
         {
            model: "project openssl 1.0.1g",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "big-ip edge clients for linux",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "7101",
         },
         {
            model: "tivoli composite application manager for transactions",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.4",
         },
         {
            model: "netscaler build",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "8.157.3",
         },
         {
            model: "laserjet cm3530 multifunction printer cc519a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "laserjet enterprise m4555 mfp ce738a 2302963 436064",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.48",
         },
         {
            model: "horizon workspace",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.5",
         },
         {
            model: "storevirtual 600gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "413012.6",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.9",
         },
         {
            model: "ips",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "espace usm v100r001 v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "idp series",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "0",
         },
         {
            model: "laserjet enterprise p3015 ce527a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.186.1",
         },
         {
            model: "laserjet enterprise p3015 ce526a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.186.1",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "13.1",
         },
         {
            model: "storevirtual 1tb mdl sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433011.5",
         },
         {
            model: "oncommand unified manager core package",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5",
         },
         {
            model: "tivoli netcool/system service monitor fp12",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "big-ip analytics",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.1.0",
         },
         {
            model: "watson explorer",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "9.0.0.4",
         },
         {
            model: "laserjet enterprise mfp m630 series b3g86a 2303714 233000041",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "system storage ts3400 tape library",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "0042",
         },
         {
            model: "email security gateway anywhere",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.8.1",
         },
         {
            model: "junos 12.3r2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "storevirtual 900gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.5",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.2.143",
         },
         {
            model: "nexus switch",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "31640",
         },
         {
            model: "laserjet m3035 multifunction printer cb415a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "laserjet cm3530 multifunction printer cc520a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "messagesight server",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0",
         },
         {
            model: "ive os 8.0r4.1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos 11.4r7",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "fusionsphere v100r003c10spc600",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "msr93x family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.47",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.2",
         },
         {
            model: "color laserjet multifunction printer series q7520a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "400046.380.3",
         },
         {
            model: "telepresence advanced media gateway series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.2",
         },
         {
            model: "airwave",
            scope: "ne",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "7.7.12",
         },
         {
            model: "security analytics platform",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.0",
         },
         {
            model: "flashsystem 9846-ae1",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "840",
         },
         {
            model: "tivoli workload scheduler distributed fp03",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.6.0",
         },
         {
            model: "smc2.0 v100r002c01b025sp07",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "s2700&s3700 v100r006",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "project openssl 0.9.8r",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "espace cc v200r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "9250c digital sender cb472a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.293.1",
         },
         {
            model: "protection service for email",
            scope: "eq",
            trust: 0.3,
            vendor: "f secure",
            version: "7.1",
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.31",
         },
         {
            model: "laserjet enterprise color mfp m880 d7p71a 2302963 436068",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "800",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.0.8",
         },
         {
            model: "netezza diagnostic tools",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.1.0",
         },
         {
            model: "laserjet m4345 multifunction printer cb427a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.21",
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "8.1.68.7",
         },
         {
            model: "elan",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "8.2",
         },
         {
            model: "isoc v200r001c01",
            scope: "eq",
            trust: 0.3,
            vendor: "huawei",
            version: "5000",
         },
         {
            model: "malware analyzer g2",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "3.5",
         },
         {
            model: "ds8870",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.3",
         },
         {
            model: "laserjet enterprise color m855 a2w77a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8000",
         },
         {
            model: "storevirtual 600gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473011.5",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.81",
         },
         {
            model: "websphere datapower soa appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.2.15",
         },
         {
            model: "linerate",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "2.2.2",
         },
         {
            model: "dgs-1500-28",
            scope: "eq",
            trust: 0.3,
            vendor: "d link",
            version: "2.51.005",
         },
         {
            model: "3par service processor sp-4.2.0.ga-29.p003",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "junos 12.1x44-d40",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "s7-1500",
            scope: "ne",
            trust: 0.3,
            vendor: "siemens",
            version: "1.6",
         },
         {
            model: "project openssl beta4",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "1.0.0",
         },
         {
            model: "esight-ewl v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "hyperdp oceanstor n8500 v200r001c91",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "guardium database activity monitor",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.1",
         },
         {
            model: "virtual tape library",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.70",
         },
         {
            model: "storevirtual hybrid san solution",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.0",
         },
         {
            model: "meeting exchange",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "vios",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.0.11",
         },
         {
            model: "cloud service automation",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "4.01",
         },
         {
            model: "project openssl 1.0.0l",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "general parallel file system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.5.0",
         },
         {
            model: "color laserjet multifunction printer series q7518a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "400046.380.3",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.13",
         },
         {
            model: "simatic wincc oa",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "3.8",
         },
         {
            model: "enterprise linux desktop",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6",
         },
         {
            model: "laserjet printer series q7544a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "52008.241",
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3",
         },
         {
            model: "laserjet enterprise m4555 mfp ce502a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "oic v100r001c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "junos space 13.1p1.14",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "dgs-1210-20",
            scope: "eq",
            trust: 0.3,
            vendor: "d link",
            version: "4.00.041",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.2",
         },
         {
            model: "system management homepage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.2.3",
         },
         {
            model: "icewall sso dfw certd",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "10.0",
         },
         {
            model: "big-ip ltm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.0",
         },
         {
            model: "spa300 series ip phones",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "laserjet enterprise m603 series ce996a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6000",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.9",
         },
         {
            model: "cit",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "5.2",
         },
         {
            model: "color laserjet cp6015 q3932a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "content analysis system software",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.1.53",
         },
         {
            model: "horizon workspace client for mac",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.5",
         },
         {
            model: "communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "2.0",
         },
         {
            model: "via for linux",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "2.0.0",
         },
         {
            model: "upward integration modules for microsoft system center",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "5.5",
         },
         {
            model: "color laserjet printer series q5983a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "380046.80.8",
         },
         {
            model: "junos 11.4r9-s1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "project openssl 0.9.8p",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "rc2",
            scope: "eq",
            trust: 0.3,
            vendor: "freebsd",
            version: "9.2",
         },
         {
            model: "telepresence isdn link",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "sbr enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "6.10",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.23",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.6",
         },
         {
            model: "big-ip aam",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5.1",
         },
         {
            model: "puremessage for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "sophos",
            version: "4.05",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "5.0.1",
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.9.4",
         },
         {
            model: "storevirtual fc 900gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.6",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.19",
         },
         {
            model: "tivoli storage productivity center fix pack",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.14",
         },
         {
            model: "sterling connect:enterprise for unix ifix03",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.5.0.3",
         },
         {
            model: "power express",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7300",
         },
         {
            model: "big-ip wom",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.1",
         },
         {
            model: "officejet enterprise color mfp b5l04a 2302963 436066",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "x585",
         },
         {
            model: "sterling connect:direct for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.5.01",
         },
         {
            model: "snapdrive for windows",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.0.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.5",
         },
         {
            model: "via for linux",
            scope: "ne",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "2.0.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.17",
         },
         {
            model: "pulse desktop 5.0r3.1",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.06",
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "9.3.61.5",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.115",
         },
         {
            model: "secure access control server",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.1.2",
         },
         {
            model: "junos 5.0r3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "apple",
            version: "x10.9.1",
         },
         {
            model: "fortios build",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.2.0589",
         },
         {
            model: "virtualization experience media engine",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "jetdirect 620n eio card j7934g",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "29.26",
         },
         {
            model: "junos 10.0s18",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "scanjet enterprise document capture workstation l2719a 2302963 436065",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "8500",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.33",
         },
         {
            model: "jabber im for android",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "systems insight manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.2.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.12",
         },
         {
            model: "small cell factory recovery root filesystem",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "2.99.4",
         },
         {
            model: "proxysgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.4",
         },
         {
            model: "netezza platform software",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.0.45",
         },
         {
            model: "cognos tm1",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.2.0.2",
         },
         {
            model: "service manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.31",
         },
         {
            model: "aura messaging",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0.1",
         },
         {
            model: "flex system enterprise chassis",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8724",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.78",
         },
         {
            model: "ftp server",
            scope: "eq",
            trust: 0.3,
            vendor: "cerberus",
            version: "7.0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.9.2",
         },
         {
            model: "big-ip apm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.4.1",
         },
         {
            model: "secure global desktop",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.0",
         },
         {
            model: "color laserjet flow m680 ca251a 2302963 436072",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x365079150",
         },
         {
            model: "exalogic",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "x3-22.0.6.2.0",
         },
         {
            model: "opensuse",
            scope: "eq",
            trust: 0.3,
            vendor: "s u s e",
            version: "11.4",
         },
         {
            model: "storevirtual china hybrid storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.0",
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.3.6",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.10",
         },
         {
            model: "espace vtm v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "spa122 ata with router",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "junos 10.4r",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.15",
         },
         {
            model: "web security gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.8.3",
         },
         {
            model: "config manager",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.6",
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "6.0.3",
         },
         {
            model: "storevirtual fc 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.6",
         },
         {
            model: "websphere datapower soa appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.0.0.6",
         },
         {
            model: "big-ip webaccelerator",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.00",
         },
         {
            model: "infosphere guardium",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.1",
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5",
         },
         {
            model: "ssl vpn 8.0r4.1",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.4.2.1",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.3.4",
         },
         {
            model: "proxysg sgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "5.5",
         },
         {
            model: "project openssl 1.0.1c",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "chrome for android",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "32.0",
         },
         {
            model: "spa525 series ip phones",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "data ontap smi-s agent",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "5.2.1",
         },
         {
            model: "aura communication manager utility services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.4.0.15",
         },
         {
            model: "cp1543-1",
            scope: "ne",
            trust: 0.3,
            vendor: "siemens",
            version: "1.1.25",
         },
         {
            model: "laserjet m9050 multifunction printer cc395a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "51.256.1",
         },
         {
            model: "ive os 7.4r3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.41",
         },
         {
            model: "laserjet enterprise color m551 series cf081a 2302963 436083",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "500",
         },
         {
            model: "advanced settings utility",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "9.52",
         },
         {
            model: "msr30 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "project openssl",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8v",
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.4.0",
         },
         {
            model: "color laserjet enterprise m750 d3l10a 2302963 436077",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "color laserjet cp3505 printer series cb443a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "3.160.2",
         },
         {
            model: "laserjet enterprise m601 series ce990a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6000",
         },
         {
            model: "oncommand workflow automation",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2",
         },
         {
            model: "proxysg sgos",
            scope: "ne",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.2.15.6",
         },
         {
            model: "algo audit and compliance",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.54",
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x357087330",
         },
         {
            model: "systems director storage control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.3.1",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.30",
         },
         {
            model: "utm",
            scope: "ne",
            trust: 0.3,
            vendor: "sophos",
            version: "9.113",
         },
         {
            model: "espace u2980 v100r001c02",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.3.9",
         },
         {
            model: "linerate",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "2.3",
         },
         {
            model: "service delivery manager",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.2.4",
         },
         {
            model: "color laserjet printer series q7536a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "300046.80.2",
         },
         {
            model: "clearpass",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "6.2.0",
         },
         {
            model: "identity service engine",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "jsa 2014.2r2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "8.2",
         },
         {
            model: "9.2-release-p3",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.2.177",
         },
         {
            model: "s12700 v200r005",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "snapdrive for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "initiate master data service",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.35",
         },
         {
            model: "8.4-release-p11",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "tivoli workload scheduler distributed fp04",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.5",
         },
         {
            model: "oceanstor s2200t v100r005",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.4.3.1",
         },
         {
            model: "system type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x3950x571431.43",
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.2",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.0",
         },
         {
            model: "hsr6602 russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.18",
         },
         {
            model: "cognos metrics manager",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "10.1.1",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "41005.1.1",
         },
         {
            model: "laserjet enterprise color m775 series cc524a 2302963 436079",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "700",
         },
         {
            model: "s7-1500",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.23",
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5600v39.7",
         },
         {
            model: "s2900 v100r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "open source security information management",
            scope: "ne",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.10",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "9.6",
         },
         {
            model: "linux lts amd64",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "12.04",
         },
         {
            model: "rational reporting for development intelligence",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.0.21",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.32",
         },
         {
            model: "email security appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "7.6",
         },
         {
            model: "nexus series switches",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "70000",
         },
         {
            model: "datafort common criteria fc-series",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "junos 11.4r7-s2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.20",
         },
         {
            model: "pulse desktop",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "4.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.38",
         },
         {
            model: "usg5000 v300r001c10spc200",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.7",
         },
         {
            model: "ovf tool",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "3.5.1",
         },
         {
            model: "storevirtual china hybrid san solution",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433512.0",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "51005.1.1",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.9",
         },
         {
            model: "hp-ux b.11.11",
            scope: null,
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "message networking sp4",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2",
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.1.5.1",
         },
         {
            model: "stunnel",
            scope: "eq",
            trust: 0.3,
            vendor: "stunnel",
            version: "5.00",
         },
         {
            model: "chargeback manager",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "2.5",
         },
         {
            model: "web security gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.7.3",
         },
         {
            model: "laserjet enterprise flow m830z mfp cf367a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "officejet enterprise color mfp b5l07a 2302963 436066",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "x585",
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.0",
         },
         {
            model: "big-iq security",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.3",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.2",
         },
         {
            model: "power express",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7500",
         },
         {
            model: "aura communication manager utility services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2.5.0.15",
         },
         {
            model: "junos 12.1x45-d25",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "laserjet m4345 multifunction printer cb428a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.8",
         },
         {
            model: "junos 13.2r3",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.0.4",
         },
         {
            model: "fortimail build",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.1.3281",
         },
         {
            model: "color laserjet enterprise m750 d3l08a 2302963 436077",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "s5900 v100r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "esight v2r3c10spc201",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "aura system manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "laserjet pro m401a/d/dn/dnw/dw/n cf278a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "40020150212",
         },
         {
            model: "ssl vpn",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.4",
         },
         {
            model: "web security gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.8.2",
         },
         {
            model: "vios",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.1.0",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.40",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.4",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.78",
         },
         {
            model: "insight control server deployment",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.2.1",
         },
         {
            model: "project openssl 0.9.8l",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0.13",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.65",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "28.0.1500.95",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.5",
         },
         {
            model: "vma",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.11",
         },
         {
            model: "video surveillance series ip cameras",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "70000",
         },
         {
            model: "project openssl h",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.31",
         },
         {
            model: "s3900 v100r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "adaptive security appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.0.8",
         },
         {
            model: "proxysgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.1.6.3",
         },
         {
            model: "proxyav",
            scope: "ne",
            trust: 0.3,
            vendor: "bluecoat",
            version: "3.5.21",
         },
         {
            model: "anyoffice emm",
            scope: "eq",
            trust: 0.3,
            vendor: "huawei",
            version: "2.6.0601.0090",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.13",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.39",
         },
         {
            model: "project openssl i",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.8",
         },
         {
            model: "tssc",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.12",
         },
         {
            model: "color laserjet enterprise m750 d3l09a 2302963 436077",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "web security",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.8.3",
         },
         {
            model: "service manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "9.33",
         },
         {
            model: "ssl for openvms",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "1.4-476",
         },
         {
            model: "system x3400m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "73781.42",
         },
         {
            model: "strm/jsa 2013.2r8",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "project openssl 1.0.0i",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "security network intrusion prevention system gx7412",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.171",
         },
         {
            model: "vcenter support assistant",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5.1",
         },
         {
            model: "laserjet p4015 cb511a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "msr50-g2 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "i v5r4",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.2",
         },
         {
            model: "storevirtual 1tb mdl china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.6",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "51005.1.21",
         },
         {
            model: "exalogic",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "x4-22.0.6.2.0",
         },
         {
            model: "system x3550m2 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "79461.42",
         },
         {
            model: "usg9500 usg9500 v200r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "tssc",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.3",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.156",
         },
         {
            model: "laserjet cm3530 multifunction printer cc520a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "53.236.1",
         },
         {
            model: "s2750&s5700&s6700 v200r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "splunk",
            scope: "eq",
            trust: 0.3,
            vendor: "splunk",
            version: "4.3.4",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.58",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "rox",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "11.16",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.0",
         },
         {
            model: "jetdirect 690n eio card j8007a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "41.16",
         },
         {
            model: "ive os",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "7.4",
         },
         {
            model: "aura application enablement services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2.3",
         },
         {
            model: "rational insight",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.1.13",
         },
         {
            model: "enterprise server",
            scope: "eq",
            trust: 0.3,
            vendor: "mandrakesoft",
            version: "5",
         },
         {
            model: "flex system p24l",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "ovf tool",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "3.0.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.17",
         },
         {
            model: "command view server based management",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "10.3.3",
         },
         {
            model: "prime network services controller",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "clearpass",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "6.2.6",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.18",
         },
         {
            model: "oic v100r001c00spc402",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "documentum content server",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "7.0",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.1",
         },
         {
            model: "mysql",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "5.6.14",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.30",
         },
         {
            model: "algo one",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.7.1",
         },
         {
            model: "icewall sso dfw",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8.0",
         },
         {
            model: "s7700&s9700 v200r005+v200r005hp0",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "data ontap",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "7.3.1",
         },
         {
            model: "9.2-releng",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "color laserjet cm6030 multifunction printer ce665a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "business server",
            scope: "eq",
            trust: 0.3,
            vendor: "mandriva",
            version: "1x8664",
         },
         {
            model: "vma san gateway g5.5.1.1",
            scope: null,
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "big-ip analytics",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5.1",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.010",
         },
         {
            model: "dsr-1000 1.09.b61",
            scope: "ne",
            trust: 0.3,
            vendor: "d link",
            version: null,
         },
         {
            model: "project openssl c",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8",
         },
         {
            model: "laserjet enterprise m603 series ce996a 2302963 436082",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "600",
         },
         {
            model: "vios",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.2.0.10",
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5",
         },
         {
            model: "tivoli storage flashcopy manager",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.1",
         },
         {
            model: "insight control server deployment",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.1.2",
         },
         {
            model: "big-ip apm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.1",
         },
         {
            model: "aura collaboration environment",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "2.0",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "1.0.4",
         },
         {
            model: "vtm v100r001c30",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "junos space 13.3r4.4",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "system management homepage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.3.2",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "2.4.4",
         },
         {
            model: "oceanstor s5500t v100r005c30spc100",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "storevirtual 2tb mdl sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.5",
         },
         {
            model: "xenclient enterprise",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.1.1",
         },
         {
            model: "system management homepage",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.2.4.1",
         },
         {
            model: "system type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x3690x571481.43",
         },
         {
            model: "fortivoiceos",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "0",
         },
         {
            model: "unified ip phone",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "99510",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "41005.1",
         },
         {
            model: "imc uam",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.00",
         },
         {
            model: "fortios",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "4.3.8",
         },
         {
            model: "integrated management module ii",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "3.86",
         },
         {
            model: "storevirtual 900gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.6",
         },
         {
            model: "rational insight",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.1.12",
         },
         {
            model: "insight control server deployment",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.3.1",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.24",
         },
         {
            model: "system x3650m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "79491.42",
         },
         {
            model: "netezza platform software",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.0.213",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0",
         },
         {
            model: "espace u2980 v100r001 v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "intelligent management center",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "cloudburst",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "2.0",
         },
         {
            model: "laserjet enterprise m602 series ce993a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6000",
         },
         {
            model: "tivoli netcool/system service monitor fp8",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "watson explorer",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.1",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.02",
         },
         {
            model: "vsphere cli",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.5",
         },
         {
            model: "junos 10.4r13",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "laserjet enterprise p3015 ce528a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "secure global desktop",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.71",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.54",
         },
         {
            model: "big-iq cloud",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.0",
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.2",
         },
         {
            model: "fusion",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.0",
         },
         {
            model: "8.4-rc2-p1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2.3",
         },
         {
            model: "rox",
            scope: "eq",
            trust: 0.3,
            vendor: "siemens",
            version: "22.5",
         },
         {
            model: "one-x communicator for mac os",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "x2.0.10",
         },
         {
            model: "message networking",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2.1",
         },
         {
            model: "idp",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "4.2",
         },
         {
            model: "spa500 series ip phones",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "junos os 13.1r4-s2",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "junos 12.1r6",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "color laserjet enterprise m750 d3l08a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "aura session manager",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.1",
         },
         {
            model: "freebsd",
            scope: "eq",
            trust: 0.3,
            vendor: "freebsd",
            version: "8.0",
         },
         {
            model: "firepass",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "6.0",
         },
         {
            model: "big-ip apm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.4.0",
         },
         {
            model: "system x3250m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "42521.42",
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "20500",
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.4.3.2",
         },
         {
            model: "san volume controller",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.112",
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.4.1",
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.1.5.2",
         },
         {
            model: "junos d35",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.1x44",
         },
         {
            model: "blackberry os",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.1.0.1880",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.1.15",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.32",
         },
         {
            model: "ape",
            scope: "ne",
            trust: 0.3,
            vendor: "siemens",
            version: "2.0.2",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.43",
         },
         {
            model: "laserjet m4345 multifunction printer cb426a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "8.4-stable",
            scope: "ne",
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "telepresence ip vcr series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "msr20-1x russian version",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "telepresence sx series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "rational reporting for development intelligence",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.0",
         },
         {
            model: "si switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "55000",
         },
         {
            model: "aura application server sip core pb26",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "53002.0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.9.99",
         },
         {
            model: "documentum content server sp1 p26",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "6.7",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.1.3",
         },
         {
            model: "websphere message broker",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0",
         },
         {
            model: "chrome for android",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "18.0",
         },
         {
            model: "bladesystem c-class virtual connect",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "4.10",
         },
         {
            model: "9.2-stable",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "systems director storage control",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.1.1",
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.4.2.0",
         },
         {
            model: "junos 12.1x44-d30",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "tivoli netcool/system service monitor fp4",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.28",
         },
         {
            model: "sterling connect:direct for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1.1",
         },
         {
            model: "junos 12.1x45-d30",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.0.2",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.2.178",
         },
         {
            model: "project openssl 1.0.0j",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "eupp v100r001c01spc101",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "proxysg sgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.5",
         },
         {
            model: "flex system p460 compute node",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7895-42x)0",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "2.2.7",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.76",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.1.5",
         },
         {
            model: "ecns600 v100r003c00",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "junos 13.2r4",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "horizon view client",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "4.0",
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.4.1",
         },
         {
            model: "storevirtual 600gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.6",
         },
         {
            model: "proxysgos",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "6.4.6.1",
         },
         {
            model: "service manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.21",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.8.11",
         },
         {
            model: "oceanstor s2600t v100r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "ssl for openvms",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "1.4-471",
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.0",
         },
         {
            model: "color laserjet enterprise cp4025 cc490a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.164.1",
         },
         {
            model: "communicator for android",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "2.0.1",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.1.9",
         },
         {
            model: "smart analytics system",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5600v29.7",
         },
         {
            model: "security information and event management",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "9.3",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "0.9.131.0",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.3",
         },
         {
            model: "laserjet printer series q3723a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "9040/90508.260.3",
         },
         {
            model: "aura presence services sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.06",
         },
         {
            model: "big-ip wom",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.3.0",
         },
         {
            model: "3par service processor sp-4.3.0.ga-17.p000",
            scope: null,
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "project openssl",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "1.0.1",
         },
         {
            model: "storevirtual 450gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453012.0",
         },
         {
            model: "color laserjet cp6015 q3935a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.203.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.27",
         },
         {
            model: "sbr carrier 7.5.0-r11",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "laserjet enterprise m603 series ce994a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6000",
         },
         {
            model: "junos 12.2r7",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "communication server 1000m signaling server",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.0",
         },
         {
            model: "ave2000 v100r001c00sph001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "fortiweb",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.1.3",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.19",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "3.2.21",
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "8.4",
         },
         {
            model: "laserjet enterprise m4555 mfp ce504a 2302963 436064",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "junos 10.4r7",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.60",
         },
         {
            model: "digital sender 9200c q5916a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "9.271.3",
         },
         {
            model: "laserjet m3035 multifunction printer cc477a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "48.306.1",
         },
         {
            model: "system x3620m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "73761.42",
         },
         {
            model: "switch series",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "3600v20",
         },
         {
            model: "communication server 1000e",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.0",
         },
         {
            model: "storevirtual 900gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.6",
         },
         {
            model: "tivoli netcool/system service monitor fp5",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "fortiweb",
            scope: "eq",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.2",
         },
         {
            model: "laserjet p3005 printer series q7812a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "2.190.3",
         },
         {
            model: "documentum content server sp2 p15",
            scope: "eq",
            trust: 0.3,
            vendor: "emc",
            version: "6.7",
         },
         {
            model: "laserjet enterprise color flow mfp m575c cd646a 2302963 436081",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.55",
         },
         {
            model: "tivoli workload scheduler for applications fp01",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.5",
         },
         {
            model: "9.2-release-p5",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.90",
         },
         {
            model: "laserjet p4515 cb514a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.203.1",
         },
         {
            model: "big-ip wom",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.4",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.16",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "2.0.3",
         },
         {
            model: "10.0-rc2-p1",
            scope: null,
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "web gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.4.13",
         },
         {
            model: "msr4000 family",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "473012.5",
         },
         {
            model: "system x3400m2 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "78371.42",
         },
         {
            model: "junos 12.2r8",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "31005.1.21",
         },
         {
            model: "laserjet p4014 cb506a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.213.1",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.3",
         },
         {
            model: "big-ip edge gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.2",
         },
         {
            model: "laserjet enterprise mfp m525f cf116a 2302963 436069",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "500",
         },
         {
            model: "puremessage for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "sophos",
            version: "5.5.4",
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "463012.5",
         },
         {
            model: "financial services lending and leasing",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "14.1",
         },
         {
            model: "flex system p24l compute node",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "0",
         },
         {
            model: "nac appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "vpn client v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "metro ethernet series access devices",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "12000",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.1",
         },
         {
            model: "email security gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.8.1",
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.5",
         },
         {
            model: "eucalyptus",
            scope: "eq",
            trust: 0.3,
            vendor: "eucalyptus",
            version: "3.4.2",
         },
         {
            model: "3par service processor sp-4.1.0.ga-97.p011",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.25",
         },
         {
            model: "3par service processor sp-4.1.0.ga-97.p010",
            scope: null,
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "prime network",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "20.0.1132.20",
         },
         {
            model: "cloudsystem foundation",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "8.1",
         },
         {
            model: "database and middleware automation",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "10.01",
         },
         {
            model: "linux arm",
            scope: "eq",
            trust: 0.3,
            vendor: "debian",
            version: "6.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.30",
         },
         {
            model: "jetdirect 635n eio card j7961g",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "41.16",
         },
         {
            model: "aura presence services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.1",
         },
         {
            model: "centos",
            scope: "eq",
            trust: 0.3,
            vendor: "centos",
            version: "5",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.84",
         },
         {
            model: "storevirtual 900gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433012.5",
         },
         {
            model: "vdi-in-a-box",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "5.4.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.3",
         },
         {
            model: "junos 13.3r2-s3",
            scope: "ne",
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.36",
         },
         {
            model: "prime infrastructure",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "color laserjet multifunction printer series q7517a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "400046.380.3",
         },
         {
            model: "big-ip analytics",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.3",
         },
         {
            model: "ace application control engine appliance",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "flex system p460",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "(7895-42x)0",
         },
         {
            model: "linux lts",
            scope: "eq",
            trust: 0.3,
            vendor: "ubuntu",
            version: "10.04",
         },
         {
            model: "junos pulse for ios",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "0",
         },
         {
            model: "stunnel",
            scope: "eq",
            trust: 0.3,
            vendor: "stunnel",
            version: "5.01",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.1.18",
         },
         {
            model: "websphere datapower xml security gateway xs40",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.05",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "41005.2",
         },
         {
            model: "tivoli network manager ip edition fix pack",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.94",
         },
         {
            model: "laserjet enterprise mfp m630 series b3g86a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "project openssl 1.0.0m",
            scope: "ne",
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.0.8",
         },
         {
            model: "dsr-500n rev. a1",
            scope: null,
            trust: 0.3,
            vendor: "d link",
            version: null,
         },
         {
            model: "color laserjet m651 cz257a 2302963 436073",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "security network intrusion prevention system gx5008-v2",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.21",
         },
         {
            model: "color laserjet cm6040 multifunction printer q3938a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "52.256.1",
         },
         {
            model: "netiq sslvpn server",
            scope: "eq",
            trust: 0.3,
            vendor: "novell",
            version: "0",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.45",
         },
         {
            model: "junos space",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "11.4",
         },
         {
            model: "ios xr software",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.77",
         },
         {
            model: "storevirtual 600gb sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "413011.5",
         },
         {
            model: "color laserjet cp4005 printer series cb503a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "46.230.6",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.18",
         },
         {
            model: "initiate master data service",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "9.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.75",
         },
         {
            model: "sparc m10-1",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "0",
         },
         {
            model: "nip2000&5000 v100r002c10spc100",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "message networking",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "5.2.5",
         },
         {
            model: "sterling b2b integrator",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "5.1",
         },
         {
            model: "laserjet enterprise m603 series ce995a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6000",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.44",
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.8.0",
         },
         {
            model: "laserjet enterprise mfp m630 series j7x28a 2303714 233000041",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "communication server 1000e signaling server",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.0",
         },
         {
            model: "chrome for android",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "33.0.1750.166",
         },
         {
            model: "junos 11.4r3.7",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "eupp v100r001c01",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "open source security information management",
            scope: "eq",
            trust: 0.3,
            vendor: "alienvault",
            version: "4.0.3",
         },
         {
            model: "version control agent",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.3.2",
         },
         {
            model: "junos 13.1r4",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.52",
         },
         {
            model: "dsr-500 rev. a1",
            scope: null,
            trust: 0.3,
            vendor: "d link",
            version: null,
         },
         {
            model: "guardium database activity monitor",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.0",
         },
         {
            model: "big-ip apm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.1.0",
         },
         {
            model: "dgs-1500.20",
            scope: "eq",
            trust: 0.3,
            vendor: "d link",
            version: "2.51.005",
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.0",
         },
         {
            model: "laserjet enterprise m602 series ce992a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "6000",
         },
         {
            model: "project openssl 0.9.8o",
            scope: null,
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "junos d15",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "12.1x45-",
         },
         {
            model: "update manager",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.0",
         },
         {
            model: "laserjet p2055 printer series ce457a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "20141201",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.1.5",
         },
         {
            model: "project openssl e",
            scope: "eq",
            trust: 0.3,
            vendor: "openssl",
            version: "0.9.8",
         },
         {
            model: "idol image server",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.87",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.35",
         },
         {
            model: "system m4 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "x375087520",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.27",
         },
         {
            model: "oceanstor s5800t v100r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "big-ip wom",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.1",
         },
         {
            model: "version control repository manager",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.2.1",
         },
         {
            model: "blackberry os",
            scope: "eq",
            trust: 0.3,
            vendor: "rim",
            version: "10.1",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.36",
         },
         {
            model: "jabber for mac",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.47",
         },
         {
            model: "itbm standard",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.0.1",
         },
         {
            model: "fortigate",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.8",
         },
         {
            model: "storevirtual 450gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "453011.5",
         },
         {
            model: "mcp",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "66000",
         },
         {
            model: "color laserjet flow m680 cz250a 2302963 436072",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: null,
         },
         {
            model: "websphere cast iron cloud integration",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "6.32",
         },
         {
            model: "unified series ip phones",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "69000",
         },
         {
            model: "tivoli netcool/system service monitor fp1",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.0.0",
         },
         {
            model: "one-x communicator for microsoft windows",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.1.6",
         },
         {
            model: "host checker",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "0",
         },
         {
            model: "junos 12.2r8-s2",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "scale out network attached storage",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.3.21-20",
         },
         {
            model: "oceanstor s5600t v100r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "big-iq cloud",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.3",
         },
         {
            model: "big-ip webaccelerator",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.0",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.38",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.11",
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.4.1",
         },
         {
            model: "linerate",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "2.3.1",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.0.6",
         },
         {
            model: "system x3400m3 type",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "73791.42",
         },
         {
            model: "laserjet enterprise color m551 series cf083a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "5000",
         },
         {
            model: "big-iq security",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.2",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 0.3,
            vendor: "winscp",
            version: "5.1.6",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2.4",
         },
         {
            model: "security network protection",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "51005.1.2",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.35",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.97",
         },
         {
            model: "big-ip link controller",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.0",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.34",
         },
         {
            model: "unified communications manager session management edition",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "1.22",
         },
         {
            model: "malware analyzer g2",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "4.1",
         },
         {
            model: "video surveillance ptz ip cameras",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "snapdrive for unix",
            scope: "ne",
            trust: 0.3,
            vendor: "ibm",
            version: "5.3",
         },
         {
            model: "client applications",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "3.0",
         },
         {
            model: "vm virtualbox",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "4.2",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "4.0.14",
         },
         {
            model: "laserjet enterprise color mfp m880 d7p71a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8000",
         },
         {
            model: "security module for cisco network registar",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "color laserjet cp3525 cc470a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "6.183.1",
         },
         {
            model: "sbr carrier",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "8.0",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.11",
         },
         {
            model: "big-ip gtm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.2.1",
         },
         {
            model: "rc1",
            scope: "eq",
            trust: 0.3,
            vendor: "freebsd",
            version: "9.2",
         },
         {
            model: "laserjet p4014 cb512a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.213.1",
         },
         {
            model: "open systems snapvault",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.0.1",
         },
         {
            model: "tivoli storage productivity center",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.2.2.145",
         },
         {
            model: "project openssl 0.9.8za",
            scope: "ne",
            trust: 0.3,
            vendor: "openssl",
            version: null,
         },
         {
            model: "storevirtual 450gb sas storage/s-buy",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433011.5",
         },
         {
            model: "telepresence system",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "500-320",
         },
         {
            model: "cloudplatform",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.3.0.1",
         },
         {
            model: "data ontap storage management initiative specification a",
            scope: "eq",
            trust: 0.3,
            vendor: "netapp",
            version: "0",
         },
         {
            model: "chrome for android",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "35.0",
         },
         {
            model: "aura application server sip core pb16",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "53002.0",
         },
         {
            model: "security network intrusion prevention system gx5108-v2",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2.9",
         },
         {
            model: "idp series 5.1r4",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "s6900 v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "4.2",
         },
         {
            model: "big-ip ltm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "10.2.4",
         },
         {
            model: "big-ip asm",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.0.00",
         },
         {
            model: "cloudplatform",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "4.2.1",
         },
         {
            model: "puremessage for unix",
            scope: "eq",
            trust: 0.3,
            vendor: "sophos",
            version: "5.5.5",
         },
         {
            model: "proventia network security controller 1.0.3350m",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "netscaler",
            scope: "eq",
            trust: 0.3,
            vendor: "citrix",
            version: "10.1-122.17",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "21.0.1180.5",
         },
         {
            model: "fortimail build",
            scope: "ne",
            trust: 0.3,
            vendor: "fortinet",
            version: "5.0.6170",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "1.9.4",
         },
         {
            model: "junos 10.4r10",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "clearpass",
            scope: "eq",
            trust: 0.3,
            vendor: "arubanetworks",
            version: "6.3.2",
         },
         {
            model: "integrated management module ii",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "3.30",
         },
         {
            model: "vfabric web server",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "5.3.4",
         },
         {
            model: "dsm v100r002",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "communications policy management",
            scope: "eq",
            trust: 0.3,
            vendor: "oracle",
            version: "10.4.1",
         },
         {
            model: "communication server 1000m",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.5",
         },
         {
            model: "laserjet enterprise m712 series cf238a 2302963 436080",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "700",
         },
         {
            model: "big-ip analytics",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.4.1",
         },
         {
            model: "telepresence mx series",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "insight control server deployment",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "7.2.2",
         },
         {
            model: "css series content services switches",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "115000",
         },
         {
            model: "telepresence system",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "500-370",
         },
         {
            model: "tivoli workload scheduler distributed fp04",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "8.5.1",
         },
         {
            model: "unified agent",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "1.1",
         },
         {
            model: "oceanstor s5800t v100r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "26.0.1410.35",
         },
         {
            model: "aura communication manager utility services",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "6.2",
         },
         {
            model: "enterprise linux desktop workstation client",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "5",
         },
         {
            model: "rational clearquest",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "7.1.2.10",
         },
         {
            model: "web gateway",
            scope: "ne",
            trust: 0.3,
            vendor: "mcafee",
            version: "7.3.2.10",
         },
         {
            model: "oneview",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "1.05",
         },
         {
            model: "security network intrusion prevention system gx7412-05",
            scope: null,
            trust: 0.3,
            vendor: "ibm",
            version: null,
         },
         {
            model: "icewall mcrp",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "3.0",
         },
         {
            model: "pan-os",
            scope: "eq",
            trust: 0.3,
            vendor: "paloaltonetworks",
            version: "5.0.7",
         },
         {
            model: "rational tau",
            scope: "eq",
            trust: 0.3,
            vendor: "ibm",
            version: "4.33",
         },
         {
            model: "sylpheed",
            scope: "eq",
            trust: 0.3,
            vendor: "sylpheed",
            version: "0.9.5",
         },
         {
            model: "communication server 1000m signaling server",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.5",
         },
         {
            model: "web security gateway anywhere",
            scope: "eq",
            trust: 0.3,
            vendor: "websense",
            version: "7.8.3",
         },
         {
            model: "big-ip webaccelerator",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "11.3",
         },
         {
            model: "junos space 13.3r1.9",
            scope: null,
            trust: 0.3,
            vendor: "juniper",
            version: null,
         },
         {
            model: "laserjet p4515 cb517a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "4.213.1",
         },
         {
            model: "storevirtual 450gb china sas storage",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "433011.5",
         },
         {
            model: "s7700&s9700 v200r001",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "communication server 1000e",
            scope: "eq",
            trust: 0.3,
            vendor: "avaya",
            version: "7.5",
         },
         {
            model: "9.3-beta1",
            scope: "ne",
            trust: 0.3,
            vendor: "freebsd",
            version: null,
         },
         {
            model: "software foundation python",
            scope: "eq",
            trust: 0.3,
            vendor: "python",
            version: "2.7",
         },
         {
            model: "chrome os",
            scope: "eq",
            trust: 0.3,
            vendor: "google",
            version: "25.0.1364.98",
         },
         {
            model: "laserjet enterprise color mfp m880 a2w75a",
            scope: "eq",
            trust: 0.3,
            vendor: "hp",
            version: "8000",
         },
         {
            model: "security analytics platform",
            scope: "eq",
            trust: 0.3,
            vendor: "bluecoat",
            version: "7.1",
         },
         {
            model: "horizon workspace server gateway",
            scope: "eq",
            trust: 0.3,
            vendor: "vmware",
            version: "1.5",
         },
         {
            model: "laserjet enterprise p3015 ce595a",
            scope: "ne",
            trust: 0.3,
            vendor: "hp",
            version: "7.186.1",
         },
         {
            model: "espace usm v100r001c01",
            scope: null,
            trust: 0.3,
            vendor: "huawei",
            version: null,
         },
         {
            model: "junos",
            scope: "eq",
            trust: 0.3,
            vendor: "juniper",
            version: "5.1",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "67899",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201406-080",
         },
         {
            db: "NVD",
            id: "CVE-2014-0224",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.0.0m",
                        versionStartIncluding: "1.0.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "1.0.1h",
                        versionStartIncluding: "1.0.1",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "0.9.8za",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:storage:2.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_web_server:2.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.3:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:filezilla-project:filezilla_server:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "0.9.45",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:application_processing_engine_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "2.0.2",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:application_processing_engine:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:cp1543-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.1.25",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:cp1543-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:s7-1500_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.6",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:s7-1500:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:rox_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "1.16.1",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:rox:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "10.0.13",
                        versionStartIncluding: "10.0.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "3.4.2",
                        versionStartIncluding: "3.4.0",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "2.7.8",
                        versionStartIncluding: "2.7.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "0.10.29",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2014-0224",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "HP",
      sources: [
         {
            db: "PACKETSTORM",
            id: "127936",
         },
         {
            db: "PACKETSTORM",
            id: "127422",
         },
         {
            db: "PACKETSTORM",
            id: "127403",
         },
         {
            db: "PACKETSTORM",
            id: "127190",
         },
         {
            db: "PACKETSTORM",
            id: "128345",
         },
      ],
      trust: 0.5,
   },
   cve: "CVE-2014-0224",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULMON",
                  availabilityImpact: "NONE",
                  baseScore: 5.8,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 8.6,
                  id: "CVE-2014-0224",
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "MEDIUM",
                  trust: 0.1,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 7.4,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 2.2,
                  impactScore: 5.2,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2014-0224",
                  trust: 1,
                  value: "HIGH",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201406-080",
                  trust: 0.6,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2014-0224",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2014-0224",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201406-080",
         },
         {
            db: "NVD",
            id: "CVE-2014-0224",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the \"CCS Injection\" vulnerability. OpenSSL is prone to security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. \nVersions prior to OpenSSL 1.0.1 and 1.0.2-beta1 are vulnerable. \n\nHP Connect IT / HP SPM CIT - 9.5x\n Please install: HP Connect IT 9.53.P2\n\nFor Windows\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00070\n\nFor Linux\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00071\n\nFor AIX\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00072\n\nFor HPUX\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00073\n\nFor Solaris\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00074\n\nHP Connect IT / HP SPM CIT - 9.4x\n Please install: HP Connect IT 9.40.P1\n\nFor windows(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00075\n\nFor Linux(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00076\n\nFor AIX(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00077\n\nFor HPUX(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00078\n\nFor Solaris(en)\n http://support.openview.hp.com/selfsolve/document/LID/HPCIT_00079\n\nHP Connect IT / HP SPM AM  5.2x\n Please install: HP Connect IT 9.41.P1\n\nHISTORY\nVersion:1 (rev.1) - 19 August 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. ============================================================================\nUbuntu Security Notice USN-2232-3\nJune 23, 2014\n\nopenssl regression\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 13.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nUSN-2232-1 introduced a regression in OpenSSL. The upstream fix for\nCVE-2014-0224 caused a regression for certain applications that use\nrenegotiation, such as PostgreSQL. This update fixes the problem. \n\nOriginal advisory details:\n\n J=C3=BCri Aedla discovered that OpenSSL incorrectly handled invalid DTLS\n fragments. This issue only affected Ubuntu 12.04 LTS, Ubuntu 13.10, and\n Ubuntu 14.04 LTS. (CVE-2014-0195)\n  Imre Rad discovered that OpenSSL incorrectly handled DTLS recursions. A\n remote attacker could use this issue to cause OpenSSL to crash, resulting\n in a denial of service. (CVE-2014-0221)\n  KIKUCHI Masashi discovered that OpenSSL incorrectly handled certain\n handshakes. \n (CVE-2014-0224)\n  Felix Gr=C3=B6bert and Ivan Fratri=C4=87 discovered that OpenSSL incorrectly handled\n anonymous ECDH ciphersuites. A remote attacker could use this issue to\n cause OpenSSL to crash, resulting in a denial of service. This issue only\n affected Ubuntu 12.04 LTS, Ubuntu 13.10, and Ubuntu 14.04 LTS. \n (CVE-2014-3470)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n  libssl1.0.0                     1.0.1f-1ubuntu2.4\n\nUbuntu 13.10:\n  libssl1.0.0                     1.0.1e-3ubuntu1.6\n\nUbuntu 12.04 LTS:\n  libssl1.0.0                     1.0.1-4ubuntu5.16\n\nUbuntu 10.04 LTS:\n  libssl0.9.8                     0.9.8k-7ubuntu8.19\n\nAfter a standard system update you need to reboot your computer to make all\nthe necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2232-3\n  http://www.ubuntu.com/usn/usn-2232-1\n  https://launchpad.net/bugs/1332643\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6\n  https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16\n  https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201407-05\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                            http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n    Title: OpenSSL: Multiple vulnerabilities\n     Date: July 27, 2014\n     Bugs: #512506\n       ID: 201407-05\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSL, possibly allowing\nremote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/openssl           < 1.0.1h-r1             *>= 0.9.8z_p5\n                                                        *>= 0.9.8z_p4\n                                                        *>= 0.9.8z_p1\n                                                        *>= 0.9.8z_p3\n                                                        *>= 0.9.8z_p2\n                                                           *>= 1.0.0m\n                                                         >= 1.0.1h-r1\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSL. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSL users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.0.1h-r1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-5298\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5298\n[ 2 ] CVE-2014-0195\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0195\n[ 3 ] CVE-2014-0198\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0198\n[ 4 ] CVE-2014-0221\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0221\n[ 5 ] CVE-2014-0224\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0224\n[ 6 ] CVE-2014-3470\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3470\n[ 7 ] OpenSSL Security Advisory [05 Jun 2014]\n      http://www.openssl.org/news/secadv_20140605.txt\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201407-05.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. The bulletin does not apply to any other 3rd party application\n(e.g. operating system, web server, or application server) that may be\nrequired to be installed by the customer according instructions in the\nproduct install guide. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04347622\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04347622\nVersion: 1\n\nHPSBHF03052 rev.1 - HP Intelligent Management Center (iMC), HP Network\nProducts including H3C and 3COM Routers and Switches running OpenSSL, Remote\nDenial of Service (DoS), Code Execution, Unauthorized Access, Modification or\nDisclosure of Information\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2014-06-20\nLast Updated: 2014-06-20\n\nPotential Security Impact: Remote Denial of Service (DoS), code execution,\nunauthorized access, modification of information, disclosure of information\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP Intelligent\nManagement Center (iMC), HP Network Products including 3COM and H3C routers\nand switches running OpenSSL. The vulnerabilities could be exploited remotely\nto create a Denial of Service (DoS), execute code, allow unauthorized access,\nmodify or disclose information. \n\nReferences:\n\nCVE-2010-5298 Remote Denial of Service (DoS) or Modification of Information\nCVE-2014-0198 Remote Unauthorized Access (only iMC impacted)\nCVE-2014-0224 Remote Unauthorized Access or Disclosure of Information\nSSRT101561\nNote: All products listed are impacted by CVE-2014-0224 . iMC is also\nimpacted by CVE-2014-0198 and CVE-2010-5298\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nPlease refer to the RESOLUTION\n section below for a list of impacted products. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2010-5298    (AV:N/AC:H/Au:N/C:N/I:P/A:P)       4.0\nCVE-2014-0198    (AV:N/AC:M/Au:N/C:N/I:N/A:P)       4.3\nCVE-2014-0224    (AV:N/AC:M/Au:N/C:P/I:P/A:P)       6.8\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\nOn June 5th 2014, OpenSSL.org issued an advisory with several CVE\nvulnerabilities. HP Networking is working to release fixes for these\nvulnerabilities that impact the products in the table below. As fixed\nsoftware is made available, this security bulletin will be updated to show\nthe fixed versions. Until the software fixes are available, HP Networking is\nproviding the following information including possible workarounds to\nmitigate the risks of these vulnerabilities. \n\nDescription\n\nThe most serious issue reported is CVE-2014-0224 and it is the one discussed\nhere. To take advantage CVE-2014-0224, an attacker must:\n\nbe in between the OpenSSL client and OpenSSL server. \nbe capable of intercepting and modifying packets between the OpenSSL client\nand OpenSSL server in real time. \n\nWorkarounds\n\nHP Networking equipment is typically deployed inside firewalls and access to\nmanagement interfaces and other protocols is more tightly controlled than in\npublic environments. This deployment and security restrictions help to reduce\nthe possibility of an attacker being able to intercept both OpenSSL client\nand OpenSSL server traffic. \n\nFollowing the guidelines in the Hardening Comware-based devices can help to\nfurther reduce man-in-the-middle opportunities:\n\nhttp://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=c03536\n920\n\nFor an HP Networking device acting as an OpenSSL Server, using a patched\nOpenSSL client or non-OpenSSL client eliminates the risk. As an example, most\nmodern web browsers do not use the OpenSSL client and the sessions between\nthe HP Networking OpenSSL server and the non-OpenSSL client are not at risk\nfor this attack. For HP Networking Equipment that is using an OpenSSL client,\npatching the OpenSSL server will eliminate the risk of this attack. \n\nProtocol Notes\n\nThe following details the protocols that use OpenSSL in Comware v5 and\nComware v7:\n\nComware V7:\n\nServer:\n\nFIPS/HTTPS/Load Balancing/Session Initiation Protocol\n\nClient:\n\nLoad Balancing/OpenFlow/Session Initiation Protocol/State Machine Based\nAnti-Spoofing/Dynamic DNS\n\nComware V5:\n\nServer:\n\nCAPWAP/EAP/SSLVPN\n\nClient:\n\nDynamic DNS\n\nFamily\n Fixed Version\n HP Branded Products Impacted\n H3C Branded Products Impacted\n 3Com Branded Products Impacted\n\n12900 Switch Series\n Fix in progress\nuse mitigations\n JG619A HP FF 12910 Switch AC Chassis\nJG621A HP FF 12910 Main Processing Unit\nJG632A HP FF 12916 Switch AC Chassis\nJG634A HP FF 12916 Main Processing Unit\n\n12500\n Fix in progress\nuse mitigations\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJC808A HP 12500 TAA Main Processing Unit\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n12500 (Comware v7)\n Fix in progress\nuse mitigations\n JC085A HP A12518 Switch Chassis\nJC086A HP A12508 Switch Chassis\nJC652A HP 12508 DC Switch Chassis\nJC653A HP 12518 DC Switch Chassis\nJC654A HP 12504 AC Switch Chassis\nJC655A HP 12504 DC Switch Chassis\nJF430A HP A12518 Switch Chassis\nJF430B HP 12518 Switch Chassis\nJF430C HP 12518 AC Switch Chassis\nJF431A HP A12508 Switch Chassis\nJF431B HP 12508 Switch Chassis\nJF431C HP 12508 AC Switch Chassis\nJC072B HP 12500 Main Processing Unit\nJG497A HP 12500 MPU w/Comware V7 OS\nJG782A HP FF 12508E AC Switch Chassis\nJG783A HP FF 12508E DC Switch Chassis\nJG784A HP FF 12518E AC Switch Chassis\nJG785A HP FF 12518E DC Switch Chassis\nJG802A HP FF 12500E MPU\n H3C S12508 Routing Switch(AC-1) (0235A0GE)\nH3C S12518 Routing Switch(AC-1) (0235A0GF)\nH3C S12508 Chassis (0235A0E6)\nH3C S12508 Chassis (0235A38N)\nH3C S12518 Chassis (0235A0E7)\nH3C S12518 Chassis (0235A38M)\n\n11900 Switch Series\n Fix in progress\nuse mitigations\n JG608A HP FF 11908-V Switch Chassis\nJG609A HP FF 11900 Main Processing Unit\n\n10500 Switch Series (Comware v5)\n Fix in progress\nuse mitigations\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC614A HP 10500 Main Processing Unit\nJC748A HP 10512 Switch Chassis\nJG375A HP 10500 TAA Main Processing Unit\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\n\n10500 Switch Series (Comware v7)\n Fix in progress\nuse mitigations\n JC611A HP 10508-V Switch Chassis\nJC612A HP 10508 Switch Chassis\nJC613A HP 10504 Switch Chassis\nJC748A HP 10512 Switch Chassis\nJG820A HP 10504 TAA Switch Chassis\nJG821A HP 10508 TAA Switch Chassis\nJG822A HP 10508-V TAA Switch Chassis\nJG823A HP 10512 TAA Switch Chassis\nJG496A HP 10500 Type A MPU w/Comware v7 OS\n\n9500E\n Fix in progress\nuse mitigations\n JC124A HP A9508 Switch Chassis\nJC124B HP 9505 Switch Chassis\nJC125A HP A9512 Switch Chassis\nJC125B HP 9512 Switch Chassis\nJC474A HP A9508-V Switch Chassis\nJC474B HP 9508-V Switch Chassis\n H3C S9505E Routing-Switch Chassis (0235A0G6)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9512E Routing-Switch Chassis (0235A0G7)\nH3C S9508E-V Routing-Switch Chassis (0235A38Q)\nH3C S9505E Chassis w/ Fans (0235A38P)\nH3C S9512E Chassis w/ Fans (0235A38R)\n\nRouter 8800\n Fix in progress\nuse mitigations\n JC147A HP A8802 Router Chassis\nJC147B HP 8802 Router Chassis\nJC148A HP A8805 Router Chassis\nJC148B HP 8805 Router Chassis\nJC149A HP A8808 Router Chassis\nJC149B HP 8808 Router Chassis\nJC150A HP A8812 Router Chassis\nJC150B HP 8812 Router Chassis\nJC141A HP 8802 Main Control Unit Module\nJC138A HP 8805/08/12 (1E) Main Cntrl Unit Mod\nJC137A HP 8805/08/12 (2E) Main Cntrl Unit Mod\n H3C SR8805 10G Core Router Chassis (0235A0G8)\nH3C SR8808 10G Core Router Chassis (0235A0G9)\nH3C SR8812 10G Core Router Chassis (0235A0GA)\nH3C SR8802 10G Core Router Chassis (0235A0GC)\nH3C SR8802 10G Core Router Chassis (0235A31B)\nH3C SR8805 10G Core Router Chassis (0235A31C)\nH3C SR8808 10G Core Router Chassis (0235A31D)\nH3C SR8812 10G Core Router Chassis (0235A31E)\n\n7500 Switch Series\n Fix in progress\nuse mitigations\n JC666A HP A7503-S 144 Gbps Fab/MPU w 24p Gig-T\nJC697A HP A7502 TAA Main Processing Unit\nJC698A HP A7503S 144 Gbps TAA Fab/MPU w 24p GbE\nJC699A HP A7500 384Gbps TAA Fab/MPU w 2p 10-GbE\nJC700A HP A7500 384 Gbps TAA Fabric / MPU\nJC701A HP A7510 768 Gbps TAA Fabric / MPU\nJD193A HP 384 Gbps A7500 Fab Mod w/2 XFP Ports\nJD193B HP 7500 384Gbps Fab Mod w/2 XFP Ports\nJD194A HP 384 Gbps Fabric A7500 Module\nJD194B HP 7500 384Gbps Fabric Module\nJD195A HP 7500 384Gbps Advanced Fabric Module\nJD196A HP 7502 Fabric Module\nJD220A HP 7500 768Gbps Fabric Module\nJD238A HP A7510 Switch Chassis\nJD238B HP 7510 Switch Chassis\nJD239A HP A7506 Switch Chassis\nJD239B HP 7506 Switch Chassis\nJD240A HP A7503 Switch Chassis\nJD240B HP 7503 Switch Chassis\nJD241A HP A7506 Vertical Switch Chassis\nJD241B HP 7506-V Switch Chassis\nJD242A HP A7502 Switch Chassis\nJD242B HP 7502 Switch Chassis\nJD243A HP A7503 Switch Chassis w/1 Fabric Slot\nJD243B HP 7503-S Switch Chassis w/1 Fabric Slot\n H3C S7502E Ethernet Switch Chassis with Fan (0235A0G4)\nH3C S7503E Ethernet Switch Chassis with Fan (0235A0G2)\nH3C S7503E-S Ethernet Switch Chassis with Fan (0235A0G5)\nH3C S7506E Ethernet Switch Chassis with Fan (0235A0G1)\nH3C S7506E-V Ethernet Switch Chassis with Fan (0235A0G3)\nH3C S7510E Ethernet Switch Chassis with Fan (0235A0G0)\nH3C S7502E Chassis w/ fans (0235A29A)\nH3C S7503E Chassis w/ fans (0235A27R)\nH3C S7503E-S Chassis w/ fans (0235A33R)\nH3C S7506E Chassis w/ fans (0235A27Q)\nH3C S7506E-V Chassis w/ fans (0235A27S)\n\nHSR6800\n Fix in progress\nuse mitigations\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6800 Russian Version\n Fix in progress\nuse mitigations\n JG361A HP HSR6802 Router Chassis\nJG362A HP HSR6804 Router Chassis\nJG363A HP HSR6808 Router Chassis\nJG364A HP HSR6800 RSE-X2 Router MPU\nJG779A HP HSR6800 RSE-X2 Router TAA MPU\n\nHSR6602\n Fix in progress\nuse mitigations\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nHSR6602 Russian Version\n Fix in progress\nuse mitigations\n JG353A HP HSR6602-G Router\nJG354A HP HSR6602-XG Router\nJG776A HP HSR6602-G TAA Router\nJG777A HP HSR6602-XG TAA Router\n\nA6600\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\nA6600 Russian Version\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJC566A HP A6600 RSE-X1 Main Processing Unit\nJG780A HP 6600 RSE-X1 Router TAA MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU. JG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n6600 MCP Russian Version\n Fix in progress\nuse mitigations\n JC177A HP 6608 Router\nJC177B HP A6608 Router Chassis\nJC178A HP 6604 Router Chassis\nJC178B HP A6604 Router Chassis\nJC496A HP 6616 Router Chassis\nJG778A HP 6600 MCP-X2 Router TAA MPU\nJG355A HP 6600 MCP-X1 Router MPU\nJG356A HP 6600 MCP-X2 Router MPU\n H3C RT-SR6608-OVS-H3 (0235A32X)\nH3C RT-SR6604-OVS-H3 (0235A37X)\nH3C SR6616 Router Chassis (0235A41D)\n\n5920 Switch Series\n Fix in progress\nuse mitigations\n JG296A HP 5920AF-24XG Switch\nJG555A HP 5920AF-24XG TAA Switch\n\n5900 Switch Series\n Fix in progress\nuse mitigations\n JC772A HP 5900AF-48XG-4QSFP+ Switch\nJG336A HP 5900AF-48XGT-4QSFP+ Switch\nJG510A HP 5900AF-48G-4XG-2QSFP+ Switch\nJG554A HP 5900AF-48XG-4QSFP+ TAA Switch\nJG838A HP FF 5900CP-48XG-4QSFP+ Switch\n\n5900 Virtual Switch\n Fix in progress\nuse mitigations\n JG814AAE HP Virtual Switch 5900v VMware E-LTU\nJG815AAE HP VSO SW for 5900v VMware E-LTU\n\n5830 Switch Series\n Fix in progress\nuse mitigations\n JC691A HP A5830AF-48G Switch w/1 Interface Slot\nJC694A HP A5830AF-96G Switch\nJG316A HP 5830AF-48G TAA Switch w/1 Intf Slot\nJG374A HP 5830AF-96G TAA Switch\n\n5820 Switch Series\n Fix in progress\nuse mitigations\n JC102A HP 5820-24XG-SFP+ Switch\nJC106A HP 5820-14XG-SFP+ Switch with 2 Slots\nJG219A HP 5820AF-24XG Switch\nJG243A HP 5820-24XG-SFP+ TAA-compliant Switch\nJG259A HP 5820X-14XG-SFP+ TAA Switch w 2 Slots\n H3C S5820X-28C 14 port (SFP Plus ) Plus 4-port BT (RJ45) Plus 2 media\nmodules Plus OSM (0235A37L)\nH3C S5820X-28S 24-port 10GBASE-X (SFP Plus ) Plus 4-port 10/100/1000BASE-T\n(RJ45) (0235A370)\n\n5800 Switch Series\n Fix in progress\nuse mitigations\n JC099A HP 5800-24G-PoE Switch\nJC100A HP 5800-24G Switch\nJC101A HP 5800-48G Switch with 2 Slots\nJC103A HP 5800-24G-SFP Switch\nJC104A HP 5800-48G-PoE Switch\nJC105A HP 5800-48G Switch\nJG225A HP 5800AF-48G Switch\nJG242A HP 5800-48G-PoE+ TAA Switch w 2 Slots\nJG254A HP 5800-24G-PoE+ TAA-compliant Switch\nJG255A HP 5800-24G TAA-compliant Switch\nJG256A HP 5800-24G-SFP TAA Switch w 1 Intf Slt\nJG257A HP 5800-48G-PoE+ TAA Switch with 1 Slot\nJG258A HP 5800-48G TAA Switch w 1 Intf Slot\n H3C S5800-32C - 24-port 1BT Plus 4-port (SFP Plus ) Plus 1 media slot\n(0235A36U)\nH3C S5800-32C-PWR - 24-port 10/100/1000BASE-T (RJ45) Plus 4-port 10GBASE-X\n(SFP Plus ) Plus 1 media module PoE (0235A36S)\nH3C S5800-32F 24-port 1000BASE-X (SFP) Plus 4-port 10GBASE-X (SFP Plus ) Plus\nmedia module (no power) (0235A374)\nH3C S5800-56C 48-port 10/100/1000BASE-T (RJ45) Plus 4port 10GBASE-X (SFP Plus\n) Plus media module (0235A379)\nH3C S5800-56C-PWR 48-port BT Plus 4 port (SFP Plus ) Plus media module\n(0235A378)\nH3C S5800-60C-PWR 48-port BT Plus 4-port SFP Plus 2 media modules Plus OSM\n(0235A36W)\n\n5500 HI Switch Series\n Fix in progress\nuse mitigations\n JG311A HP HI 5500-24G-4SFP w/2 Intf Slts Switch\nJG312A HP HI 5500-48G-4SFP w/2 Intf Slts Switch\nJG541A HP 5500-24G-PoE+-4SFP HI Switch w/2 Slt\nJG542A HP 5500-48G-PoE+-4SFP HI Switch w/2 Slt\nJG543A HP 5500-24G-SFP HI Switch w/2 Intf Slt\nJG679A HP 5500-24G-PoE+-4SFP HI TAA Swch w/2Slt\nJG680A HP 5500-48G-PoE+-4SFP HI TAA Swch w/2Slt\nJG681A HP 5500-24G-SFP HI TAA Swch w/2Slt\n\n5500 EI Switch Series\n Fix in progress\nuse mitigations\n JD373A HP 5500-24G DC EI Switch\nJD374A HP 5500-24G-SFP EI Switch\nJD375A HP 5500-48G EI Switch\nJD376A HP 5500-48G-PoE EI Switch\nJD377A HP 5500-24G EI Switch\nJD378A HP 5500-24G-PoE EI Switch\nJD379A HP 5500-24G-SFP DC EI Switch\nJG240A HP 5500-48G-PoE+ EI Switch w/2 Intf Slts\nJG241A HP 5500-24G-PoE+ EI Switch w/2 Intf Slts\nJG249A HP 5500-24G-SFP EI TAA Switch w 2 Slts\nJG250A HP 5500-24G EI TAA Switch w 2 Intf Slts\nJG251A HP 5500-48G EI TAA Switch w 2 Intf Slts\nJG252A HP 5500-24G-PoE+ EI TAA Switch w/2 Slts\nJG253A HP 5500-48G-PoE+ EI TAA Switch w/2 Slts\n H3C S5500-28C-EI Ethernet Switch (0235A253)\nH3C S5500-28F-EI Eth Switch AC Single (0235A24U)\nH3C S5500-52C-EI Ethernet Switch (0235A24X)\nH3C S5500-28C-EI-DC Ethernet Switch (0235A24S)\nH3C S5500-28C-PWR-EI Ethernet Switch (0235A255)\nH3C S5500-28F-EI Eth Swtch DC Single Pwr (0235A259)\nH3C S5500-52C-PWR-EI Ethernet Switch (0235A251)\n\n5500 SI Switch Series\n Fix in progress\nuse mitigations\n JD369A HP 5500-24G SI Switch\nJD370A HP 5500-48G SI Switch\nJD371A HP 5500-24G-PoE SI Switch\nJD372A HP 5500-48G-PoE SI Switch\nJG238A HP 5500-24G-PoE+ SI Switch w/2 Intf Slts\nJG239A HP 5500-48G-PoE+ SI Switch w/2 Intf Slts\n H3C S5500-28C-SI Ethernet Switch (0235A04U)\nH3C S5500-52C-SI Ethernet Switch (0235A04V)\nH3C S5500-28C-PWR-SI Ethernet Switch (0235A05H)\nH3C S5500-52C-PWR-SI Ethernet Switch (0235A05J)\n\n5120 EI Switch Series\n Fix in progress\nuse mitigations\n JE066A HP 5120-24G EI Switch\nJE067A HP 5120-48G EI Switch\nJE068A HP 5120-24G EI Switch with 2 Slots\nJE069A HP 5120-48G EI Switch with 2 Slots\nJE070A HP 5120-24G-PoE EI Switch with 2 Slots\nJE071A HP 5120-48G-PoE EI Switch with 2 Slots\nJG236A HP 5120-24G-PoE+ EI Switch w/2 Intf Slts\nJG237A HP 5120-48G-PoE+ EI Switch w/2 Intf Slts\nJG245A HP 5120-24G EI TAA Switch w 2 Intf Slts\nJG246A HP 5120-48G EI TAA Switch w 2 Intf Slts\nJG247A HP 5120-24G-PoE+ EI TAA Switch w 2 Slts\nJG248A HP 5120-48G-PoE+ EI TAA Switch w 2 Slts\n H3C S5120-24P-EI 24GE Plus 4ComboSFP (0235A0BQ)\nH3C S5120-28C-EI 24GE Plus 4Combo Plus 2Slt (0235A0BS)\nH3C S5120-48P-EI 48GE Plus 4ComboSFP (0235A0BR)\nH3C S5120-52C-EI 48GE Plus 4Combo Plus 2Slt (0235A0BT)\nH3C S5120-28C-PWR-EI 24G Plus 4C Plus 2S Plus POE (0235A0BU)\nH3C S5120-52C-PWR-EI 48G Plus 4C Plus 2S Plus POE (0235A0BV)\n\n5120 SI switch Series\n Fix in progress\nuse mitigations\n JE072A HP 5120-48G SI Switch\nJE073A HP 5120-16G SI Switch\nJE074A HP 5120-24G SI Switch\nJG091A HP 5120-24G-PoE+ (370W) SI Switch\nJG092A HP 5120-24G-PoE+ (170W) SI Switch\n H3C S5120-52P-SI 48GE Plus 4 SFP (0235A41W)\nH3C S5120-20P-SI L2\n16GE Plus 4SFP (0235A42B)\nH3C S5120-28P-SI 24GE Plus 4 SFP (0235A42D)\nH3C S5120-28P-HPWR-SI (0235A0E5)\nH3C S5120-28P-PWR-SI (0235A0E3)\n\n4800 G Switch Series\n Fix in progress\nuse mitigations\n JD007A HP 4800-24G Switch\nJD008A HP 4800-24G-PoE Switch\nJD009A HP 4800-24G-SFP Switch\nJD010A HP 4800-48G Switch\nJD011A HP 4800-48G-PoE Switch\n\n 3Com Switch 4800G 24-Port (3CRS48G-24-91)\n3Com Switch 4800G 24-Port SFP (3CRS48G-24S-91)\n3Com Switch 4800G 48-Port (3CRS48G-48-91)\n3Com Switch 4800G PWR 24-Port (3CRS48G-24P-91)\n3Com Switch 4800G PWR 48-Port (3CRS48G-48P-91)\n\n4510G Switch Series\n Fix in progress\nuse mitigations\n JF428A HP 4510-48G Switch\nJF847A HP 4510-24G Switch\n\n 3Com Switch 4510G 48 Port (3CRS45G-48-91)\n3Com Switch 4510G PWR 24-Port (3CRS45G-24P-91)\n3Com Switch E4510-24G (3CRS45G-24-91)\n\n4210G Switch Series\n Fix in progress\nuse mitigations\n JF844A HP 4210-24G Switch\nJF845A HP 4210-48G Switch\nJF846A HP 4210-24G-PoE Switch\n\n 3Com Switch 4210-24G (3CRS42G-24-91)\n3Com Switch 4210-48G (3CRS42G-48-91)\n3Com Switch E4210-24G-PoE (3CRS42G-24P-91)\n\n3610 Switch Series\n Fix in progress\nuse mitigations\n JD335A HP 3610-48 Switch\nJD336A HP 3610-24-4G-SFP Switch\nJD337A HP 3610-24-2G-2G-SFP Switch\nJD338A HP 3610-24-SFP Switch\n H3C S3610-52P - model LS-3610-52P-OVS (0235A22C)\nH3C S3610-28P - model LS-3610-28P-OVS (0235A22D)\nH3C S3610-28TP - model LS-3610-28TP-OVS (0235A22E)\nH3C S3610-28F - model LS-3610-28F-OVS (0235A22F)\n\n3600 V2 Switch Series\n Fix in progress\nuse mitigations\n JG299A HP 3600-24 v2 EI Switch\nJG300A HP 3600-48 v2 EI Switch\nJG301A HP 3600-24-PoE+ v2 EI Switch\nJG301B HP 3600-24-PoE+ v2 EI Switch\nJG302A HP 3600-48-PoE+ v2 EI Switch\nJG302B HP 3600-48-PoE+ v2 EI Switch\nJG303A HP 3600-24-SFP v2 EI Switch\nJG304A HP 3600-24 v2 SI Switch\nJG305A HP 3600-48 v2 SI Switch\nJG306A HP 3600-24-PoE+ v2 SI Switch\nJG306B HP 3600-24-PoE+ v2 SI Switch\nJG307A HP 3600-48-PoE+ v2 SI Switch\nJG307B HP 3600-48-PoE+ v2 SI Switch\n\n3100V2\n Fix in progress\nuse mitigations\n JD313B HP 3100-24-PoE v2 EI Switch\nJD318B HP 3100-8 v2 EI Switch\nJD319B HP 3100-16 v2 EI Switch\nJD320B HP 3100-24 v2 EI Switch\nJG221A HP 3100-8 v2 SI Switch\nJG222A HP 3100-16 v2 SI Switch\nJG223A HP 3100-24 v2 SI Switch\n\n3100V2-48\n Fix in progress\nuse mitigations\n JG315A HP 3100-48 v2 Switch\n\n1910\n Fix in progress\nuse mitigations\n JE005A HP 1910-16G Switch\nJE006A HP 1910-24G Switch\nJE007A HP 1910-24G-PoE (365W) Switch\nJE008A HP 1910-24G-PoE(170W) Switch\nJE009A HP 1910-48G Switch\nJG348A HP 1910-8G Switch\nJG349A HP 1910-8G-PoE+ (65W) Switch\nJG350A HP 1910-8G-PoE+ (180W) Switch\n 3Com Baseline Plus Switch 2900 Gigabit Family - 52 port (3CRBSG5293)\n3Com Baseline Plus Switch 2900G - 20 port (3CRBSG2093)\n3Com Baseline Plus Switch 2900G - 28 port (3CRBSG2893)\n3Com Baseline Plus Switch 2900G - 28HPWR (3CRBSG28HPWR93)\n3Com Baseline Plus Switch 2900G - 28PWR (3CRBSG28PWR93)\n\n1810v1 P2\n Fix in progress\nuse mitigations\n J9449A HP 1810-8G Switch\nJ9450A HP 1810-24G Switch\n\n1810v1 PK\n Fix in progress\nuse mitigations\n J9660A HP 1810-48G Switch\n\nMSR20\n Fix in progress\nuse mitigations\n JD432A HP A-MSR20-21 Multi-Service Router\nJD662A HP MSR20-20 Multi-Service Router\nJD663A HP MSR20-21 Multi-Service Router\nJD663B HP MSR20-21 Router\nJD664A HP MSR20-40 Multi-Service Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\nH3C MSR 20-20 (0235A19H)\nH3C MSR 20-21 (0235A325)\nH3C MSR 20-40 (0235A19K)\nH3C MSR-20-21 Router (0235A19J)\n\nMSR20-1X\n Fix in progress\nuse mitigations\n JD431A HP MSR20-10 Router\nJD667A HP MSR20-15 IW Multi-Service Router\nJD668A HP MSR20-13 Multi-Service Router\nJD669A HP MSR20-13 W Multi-Service Router\nJD670A HP MSR20-15 A Multi-Service Router\nJD671A HP MSR20-15 AW Multi-Service Router\nJD672A HP MSR20-15 I Multi-Service Router\nJD673A HP MSR20-11 Multi-Service Router\nJD674A HP MSR20-12 Multi-Service Router\nJD675A HP MSR20-12 W Multi-Service Router\nJD676A HP MSR20-12 T1 Multi-Service Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\nJG209A HP MSR20-12-T-W Router (NA)\nJG210A HP MSR20-13-W Router (NA)\n H3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\nH3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-11 (0235A31V)\nH3C MSR 20-12 (0235A32E)\nH3C MSR 20-12 T1 (0235A32B)\nH3C MSR 20-13 (0235A31W)\nH3C MSR 20-13 W (0235A31X)\nH3C MSR 20-15 A (0235A31Q)\nH3C MSR 20-15 A W (0235A31R)\nH3C MSR 20-15 I (0235A31N)\nH3C MSR 20-15 IW (0235A31P)\nH3C MSR20-12 W (0235A32G)\n\nMSR30\n Fix in progress\nuse mitigations\n JD654A HP MSR30-60 POE Multi-Service Router\nJD657A HP MSR30-40 Multi-Service Router\nJD658A HP MSR30-60 Multi-Service Router\nJD660A HP MSR30-20 POE Multi-Service Router\nJD661A HP MSR30-40 POE Multi-Service Router\nJD666A HP MSR30-20 Multi-Service Router\nJF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF232A HP RT-MSR3040-AC-OVS-AS-H3\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C MSR 30-20 RTVZ33020AS Router Host(AC) (0235A20S)\nH3C MSR 30-20 (0235A19L)\nH3C MSR 30-20 POE (0235A239)\nH3C MSR 30-40 (0235A20J)\nH3C MSR 30-40 POE (0235A25R)\nH3C MSR 30-60 (0235A20K)\nH3C MSR 30-60 POE (0235A25S)\nH3C RT-MSR3040-AC-OVS-AS-H3 (0235A20V)\n\nMSR30-16\n Fix in progress\nuse mitigations\n JD659A HP MSR30-16 POE Multi-Service Router\nJD665A HP MSR30-16 Multi-Service Router\nJF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\nH3C MSR 30-16 (0235A237)\nH3C MSR 30-16 POE (0235A238)\n\nMSR30-1X\n Fix in progress\nuse mitigations\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\nH3C RT-MSR3011-AC-OVS-H3 (0235A29L)\n\nMSR50\n Fix in progress\nuse mitigations\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\n\nMSR50-G2\n Fix in progress\nuse mitigations\n JD429A HP MSR50 G2 Processor Module\nJD429B HP MSR50 G2 Processor Module\n H3C H3C MSR 50 Processor Module-G2 (0231A84Q)\nH3C MSR 50 High Performance Main Processing Unit 3GE (Combo)\n256F/1GD(0231A0KL)\n\nMSR20 Russian version\n Fix in progress\nuse mitigations\n JD663B HP MSR20-21 Router\nJF228A HP MSR20-40 Router\nJF283A HP MSR20-20 Router\n H3C RT-MSR2020-AC-OVS-H3C (0235A324)\nH3C RT-MSR2040-AC-OVS-H3 (0235A326)\n\nMSR20-1X Russian version\n Fix in progress\nuse mitigations\n JD431A HP MSR20-10 Router\nJF236A HP MSR20-15-I Router\nJF237A HP MSR20-15-A Router\nJF238A HP MSR20-15-I-W Router\nJF239A HP MSR20-11 Router\nJF240A HP MSR20-13 Router\nJF241A HP MSR20-12 Router\nJF806A HP MSR20-12-T Router\nJF807A HP MSR20-12-W Router\nJF808A HP MSR20-13-W Router\nJF809A HP MSR20-15-A-W Router\nJF817A HP MSR20-15 Router\n H3C MSR 20-10 (0235A0A7)\nH3C RT-MSR2015-AC-OVS-I-H3 (0235A394)\nH3C RT-MSR2015-AC-OVS-A-H3 (0235A392)\nH3C RT-MSR2015-AC-OVS-AW-H3 (0235A393)\nH3C RT-MSR2011-AC-OVS-H3 (0235A395)\nH3C RT-MSR2013-AC-OVS-H3 (0235A390)\nH3C RT-MSR2012-AC-OVS-H3 (0235A396)\nH3C RT-MSR2012-T-AC-OVS-H3 (0235A398)\nH3C RT-MSR2012-AC-OVS-W-H3 (0235A397)\nH3C RT-MSR2013-AC-OVS-W-H3 (0235A391)\nH3C RT-MSR2015-AC-OVS-IW-H3 (0235A38V)\nH3C MSR 20-15 Router Host(AC) 1 FE 4 LSW 1 ADSLoPOTS 1 DSIC (0235A0A8)\n\nMSR30 Russian version\n Fix in progress\nuse mitigations\n JF229A HP MSR30-40 Router\nJF230A HP MSR30-60 Router\nJF235A HP MSR30-20 DC Router\nJF284A HP MSR30-20 Router\nJF287A HP MSR30-40 DC Router\nJF801A HP MSR30-60 DC Router\nJF802A HP MSR30-20 PoE Router\nJF803A HP MSR30-40 PoE Router\nJF804A HP MSR30-60 PoE Router\n H3C RT-MSR3040-AC-OVS-H (0235A299)\nH3C RT-MSR3060-AC-OVS-H3 (0235A320)\nH3C RT-MSR3020-DC-OVS-H3 (0235A267)\nH3C MSR 30-20 Router (0235A328)\nH3C MSR 30-40 Router Host(DC) (0235A268)\nH3C RT-MSR3060-DC-OVS-H3 (0235A269)\nH3C RT-MSR3020-AC-POE-OVS-H3 (0235A322)\nH3C RT-MSR3040-AC-POE-OVS-H3 (0235A323)\nH3C RT-MSR3060-AC-POE-OVS-H3 (0235A296)\n\nMSR30-1X Russian version\n Fix in progress\nuse mitigations\n JF800A HP MSR30-11 Router\nJF816A HP MSR30-10 2 FE /2 SIC /1 MIM MS Rtr\nJG182A HP MSR30-11E Router\nJG183A HP MSR30-11F Router\nJG184A HP MSR30-10 DC Router\n H3C RT-MSR3011-AC-OVS-H3 (0235A29L)\nH3C MSR 30-10 Router Host(AC) 2FE 2SIC 1XMIM 256DDR (0235A39H)\n\nMSR30-16 Russian version\n Fix in progress\nuse mitigations\n JF233A HP MSR30-16 Router\nJF234A HP MSR30-16 PoE Router\n H3C RT-MSR3016-AC-OVS-H3 (0235A327)\nH3C RT-MSR3016-AC-POE-OVS-H3 (0235A321)\n\nMSR50 Russian version\n Fix in progress\nuse mitigations\n JD433A HP MSR50-40 Router\nJD653A HP MSR50 Processor Module\nJD655A HP MSR50-40 Multi-Service Router\nJD656A HP MSR50-60 Multi-Service Router\nJF231A HP MSR50-60 Router\nJF285A HP MSR50-40 DC Router\nJF640A HP MSR50-60 Rtr Chassis w DC PwrSupply\n H3C MSR 50-40 Router (0235A297)\nH3C MSR 50 Processor Module (0231A791)\nH3C MSR 50-40 Chassis (0235A20N)\nH3C MSR 50-60 Chassis (0235A20L)\nH3C RT-MSR5060-AC-OVS-H3 (0235A298)\nH3C MSR5040-DC-OVS-H3C (0235A20P)\n\nMSR50 G2 Russian version\n Fix in progress\nuse mitigations\n JD429B HP MSR50 G2 Processor Module\n H3C MSR 50 High Performance Main Processing Unit 3GE (Combo) 256F/1GD\n(0231A0KL)\n\nMSR9XX\n Fix in progress\nuse mitigations\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\nJG207A HP MSR900-W Router (NA)\nJG208A HP MSR920-W Router (NA)\n H3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b\n(0235A0C2)\nH3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\n\nMSR9XX Russian version\n Fix in progress\nuse mitigations\n JF812A HP MSR900 Router\nJF813A HP MSR920 Router\nJF814A HP MSR900-W Router\nJF815A HP MSR920 2FEWAN/8FELAN/.11b/g Rtr\n H3C MSR 900 Router 2 FE WAN 4 FE LAN 256DDR (0235A0BX)\nH3C MSR 920 Router 2 FE WAN 8 FE LAN 256DDR (0235A0C0)\nH3C MSR 900 Router with 802.11b/g 2 FE WAN 4 FE LAN 256DDR 802.11b (0235A0C2)\nH3C MSR 920 Router with 802.11b/g 2 FE WAN 8 FE LAN 256DDR (0235A0C4)\n\nMSR93X\n Fix in progress\nuse mitigations\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR93X Russian version\n Fix in progress\nuse mitigations\n JG511A HP MSR930 Router\nJG512A HP MSR930 Wireless Router\nJG513A HP MSR930 3G Router\nJG514A HP MSR931 Router\nJG515A HP MSR931 3G Router\nJG516A HP MSR933 Router\nJG517A HP MSR933 3G Router\nJG518A HP MSR935 Router\nJG519A HP MSR935 Wireless Router\nJG520A HP MSR935 3G Router\nJG531A HP MSR931 Dual 3G Router\nJG596A HP MSR930 4G LTE/3G CDMA Router\nJG597A HP MSR936 Wireless Router\nJG665A HP MSR930 4G LTE/3G WCDMA Global Router\nJG704A HP MSR930 4G LTE/3G WCDMA ATT Router\n\nMSR1000\n Fix in progress\nuse mitigations\n JG732A HP MSR1003-8 AC Router\n\nMSR2000\n Fix in progress\nuse mitigations\n JG411A HP MSR2003 AC Router\n\nMSR3000\n Fix in progress\nuse mitigations\n JG404A HP MSR3064 Router\nJG405A HP MSR3044 Router\nJG406A HP MSR3024 AC Router\nJG409A HP MSR3012 AC Router\nJG861A HP MSR3024 TAA-compliant AC Router\n\nMSR4000\n Fix in progress\nuse mitigations\n JG402A HP MSR4080 Router Chassis\nJG403A HP MSR4060 Router Chassis\nJG412A HP MSR4000 MPU-100 Main Processing Unit\n\nF5000\n Fix in progress\nuse mitigations\n JG216A HP F5000 Firewall Standalone Chassis\nJD259A HP A5000-A5 VPN Firewall Chassis\n H3C SecPath F5000-A5 Host System (0150A0AG)\n\nU200S and CS\n Fix in progress\nuse mitigations\n JD268A HP 200-CS UTM Appliance\nJD273A HP U200-S UTM Appliance\n H3C SecPath U200-S (0235A36N)\n\nU200A and M\n Fix in progress\nuse mitigations\n JD274A HP 200-M UTM Appliance\nJD275A HP U200-A UTM Appliance\n H3C SecPath U200-A (0235A36Q)\n\nF1000A and S\n Fix in progress\nuse mitigations\n JD270A HP S1000-S VPN Firewall Appliance\nJD271A HP S1000-A VPN Firewall Appliance\nJG213A HP F1000-S-EI VPN Firewall Appliance\nJG214A HP F1000-A-EI VPN Firewall Appliance\n\nSecBlade FW\n Fix in progress\nuse mitigations\n JC635A HP 12500 VPN Firewall Module\nJD245A HP 9500 VPN Firewall Module\nJD249A HP 10500/7500 Advanced VPN Firewall Mod\nJD250A HP 6600 Firewall Processing Rtr Module\nJD251A HP 8800 Firewall Processing Module\nJD255A HP 5820 VPN Firewall Module\n H3C S9500E SecBlade VPN Firewall Module (0231A0AV)\nH3C S7500E SecBlade VPN Firewall Module (0231A832)\nH3C SR66 Gigabit Firewall Module (0231A88A)\nH3C SR88 Firewall Processing Module (0231A88L)\nH3C S5820 SecBlade VPN Firewall Module (0231A94J)\n\nF1000E\n Fix in progress\nuse mitigations\n JD272A HP S1000-E VPN Firewall Appliance\n\nVSR1000\n Fix in progress\nuse mitigations\n JG810AAE HP VSR1001 Virtual Services Router\nJG811AAE HP VSR1001 Virtual Services Router\nJG812AAE HP VSR1004 Virtual Services Router\nJG813AAE HP VSR1008 Virtual Services Router\n\nWX5002/5004\n Fix in progress\nuse mitigations\n JD441A HP 5800 ACM for 64-256 APs\nJD447B HP WX5002 Access Controller\nJD448A HP A-WX5004 Access Controller\nJD448B HP WX5004 Access Controller\nJD469A HP A-WX5004 (3Com) Access Controller\nJG261A HP 5800 Access Controller OAA TAA Mod\n\nHP 850/870\n Fix in progress\nuse mitigations\n JG723A HP 870 Unified Wired-WLAN Appliance\nJG725A HP 870 Unifd Wrd-WLAN TAA Applnc\n\nHP 830\n Fix in progress\nuse mitigations\n JG640A HP 830 24P PoE+ Unifd Wired-WLAN Swch\nJG641A HP 830 8P PoE+ Unifd Wired-WLAN Swch\nJG646A HP 830 24-Port PoE+ Wrd-WLAN TAA Switch\nJG647A HP 830 8-Port PoE+ Wrd-WLAN TAA Switch\n\nHP 6000\n Fix in progress\nuse mitigations\n JG639A HP 10500/7500 20G Unified Wired-WLAN Mod\nJG645A HP 10500/7500 20G Unifd Wrd-WLAN TAA Mod\n\nM220\n Fix in progress\nuse mitigations\n J9798A HP M220 802.11n AM Access Point\nJ9799A HP M220 802.11n WW Access Point\n\nNGFW\n Fix in progress\nuse mitigations\n JC882A HP S1050F NGFW Aplnc w/DVLabs 1-yr Lic\nJC883A HP S3010F NGFW Aplnc w/DVLabs 1-yr Lic\nJC884A HP S3020F NGFW Aplnc w/DVLabs 1-yr Lic\nJC885A HP S8005F NGFW Aplnc w/DVLabs 1-yr Lic\nJC886A HP S8010F NGFW Aplnc w/DVLabs 1-yr Lic\n\niMC UAM 7.0\n Fix in progress\nuse mitigations\n JD144A HP IMC UAM S/W Module w/200-User License\nJF388A HP IMC UAM S/W Module w/200-user License\nJD435A HP IMC EAD Client Software\nJF388AAE HP IMC UAM S/W Module w/200-user E-LTU\nJG752AAE HP IMC UAM SW Mod w/ 50-user E-LTU\n\niMC EAD 7.0\n Fix in progress\nuse mitigations\n JF391AAE HP IMC EAD S/W Module w/200-user E-LTU\nJG754AAE HP IMC EAD SW Module w/ 50-user E-LTU\nJD147A HP IMC Endpoint Admission Defense Software Module with 200-user\nLicense\nJF391A HP IMC EAD S/W Module w/200-user License\n\niMC PLAT 7.0\n Fix in progress\nuse mitigations\n JF377AAE HP IMC Standard Edition Software Platform with 100-node E-LTU\nJG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU\nJG747AAE HP IMC Standard Software Platform with 50-node E-LTU\nJG768AAE HP PCM+ to IMC Std Upg w/ 200-node E-LTU\nJD125A HP IMC Standard Edition Software Platform with 100-node License\nJD815A HP IMC Standard Edition Software Platform with 100-node License\nJD816A HP A-IMC Standard Edition Software DVD Media\nJF377A HP IMC Standard Edition Software Platform with 100-node License\nJF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU\nJF289AAE HP Enterprise Management System to Intelligent Management Center\nUpgrade E-LTU\nTJ635AAE HP IMC for ANM 50 node pack SW E-LTU (On HP Softwares CPL\nnot HPNs)\nJF378AAE HP IMC Enterprise Edition Software Platform with 200-Node E-LTU\nJG748AAE HP IMC Enterprise Software Platform with 50-node E-LTU\nJD126A HP A-IMC Enterprise Software Platform with 200-node License\nJD808A HP A-IMC Enterprise Software Platform with 200-node License\nJD814A HP A-IMC Enterprise Edition Software DVD Media\nJF378A HP IMC Enterprise Edition Software Platform with 200-node License\nJG546AAE HP IMC Basic SW Platform w/50-node E-LTU\nJG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU\nJG550AAE HP PMM to IMC Bsc WLM Upgr w/150 AP E-LTU\nJG590AAE HP IMC Bsc WLAN Mgr SW Pltfm 50 AP E-LTU\nJG659AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU\nJG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU\nJG660AAE HP IMC Smart Connect w / WLAN Manager Virtual Appliance Edition\nE-LTU\nJG767AAE HP IMC Smart Connect with Wireless Service Manager Virtual Appliance\nSoftware E-LTU\n\nHISTORY\nVersion:1 (rev.1) - 20 June 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel.  For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2014 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.13 (GNU/Linux)\n\niEYEARECAAYFAlOkrM4ACgkQ4B86/C0qfVn7/QCeK5T1H9dXfVQgIKSr5USqLmvq\nCtMAnjujH7e5aXfIOvxyyuB0FcSwIWCM\n=CEL7\n-----END PGP SIGNATURE-----\n. \nOpenSSL is a 3rd party product that is embedded with some HP printer\nproducts. This bulletin notifies HP Printer customers about impacted\nproducts. To obtain the updated firmware, go to www.hp.com and follow\nthese steps:\n\nSelect \"Drivers & Software\". \nEnter the appropriate product name listed in the table below into the search\nfield. \nClick on \"Search\". \nClick on the appropriate product. \nUnder \"Select operating system\" click on \"Cross operating system (BIOS,\nFirmware, Diagnostics, etc.)\"\nNote: If the \"Cross operating system ...\" link is not present, select\napplicable Windows operating system from the list. \nSelect the appropriate firmware update under \"Firmware\". \n\nFirmware Updates Table\n\nProduct Name\n Model Number\n Firmware Revision\n\nHP Color LaserJet CM4540 MFP\n CC419A, CC420A, CC421A\n v 2302963_436067 (or higher)\n\nHP Color LaserJet CP5525\n CE707A,CE708A,CE709A\n v 2302963_436070 (or higher)\n\nHP Color LaserJet Enterprise M750\n D3L08A, D3L09A, D3L10A\n v 2302963_436077 (or higher)\n\nHP Color LaserJet M651\n CZ255A, CZ256A, CZ257A, CZ258A\n v 2302963_436073 (or higher)\n\nHP Color LaserJet M680\n CZ248A, CZ249A\n v 2302963_436072 (or higher)\n\nHP Color LaserJet Flow M680\n CZ250A, CA251A\n v 2302963_436072 (or higher)\n\nHP LaserJet Enterprise 500 color MFP M575dn\n CD644A, CD645A\n v 2302963_436081 (or higher)\n\nHP LaserJet Enterprise 500 MFP M525f\n CF116A, CF117A\n v 2302963_436069 (or higher)\n\nHP LaserJet Enterprise 600 M601 Series\n CE989A, CE990A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise 600 M602 Series\n CE991A, CE992A, CE993A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise 600 M603 Series\n CE994A, CE995A, CE996A\n v 2302963_436082 (or higher)\n\nHP LaserJet Enterprise MFP M630 series\n B3G84A, B3G85A, B3G86A, J7X28A\n v 2303714_233000041 (or higher)\n\nHP LaserJet Enterprise 700 color M775 series\n CC522A, CC523A, CC524A, CF304A\n v 2302963_436079 (or higher)\n\nHP LaserJet Enterprise 700 M712 series\n CF235A, CF236A, CF238A\n v 2302963_436080 (or higher)\n\nHP LaserJet Enterprise 800 color M855\n A2W77A, A2W78A, A2W79A\n v 2302963_436076 (or higher)\n\nHP LaserJet Enterprise 800 color MFP M880\n A2W76A, A2W75A, D7P70A, D7P71A\n v 2302963_436068 (or higher)\n\nHP LaserJet Enterprise Color 500 M551 Series\n CF081A,CF082A,CF083A\n v 2302963_436083 (or higher)\n\nHP LaserJet Enterprise color flow MFP M575c\n CD646A\n v 2302963_436081 (or higher)\n\nHP LaserJet Enterprise flow M830z MFP\n CF367A\n v 2302963_436071 (or higher)\n\nHP LaserJet Enterprise flow MFP M525c\n CF118A\n v 2302963_436069 (or higher)\n\nHP LaserJet Enterprise M4555 MFP\n CE502A,CE503A, CE504A, CE738A\n v 2302963_436064 (or higher)\n\nHP LaserJet Enterprise M806\n CZ244A, CZ245A\n v 2302963_436075 (or higher)\n\nHP LaserJet Enterprise MFP M725\n CF066A, CF067A, CF068A, CF069A\n v 2302963_436078 (or higher)\n\nHP Scanjet Enterprise 8500 Document Capture Workstation\n L2717A, L2719A\n v 2302963_436065 (or higher)\n\nOfficeJet Enterprise Color MFP X585\n B5L04A, B5L05A,B5L07A\n v 2302963_436066 (or higher)\n\nOfficeJet Enterprise Color X555\n C2S11A, C2S12A\n v 2302963_436074 (or higher)\n\nHP Color LaserJet CP3525\n CC468A, CC469A, CC470A, CC471A\n v 06.183.1 (or higher)\n\nHP LaserJet M4345 Multifunction Printer\n CB425A, CB426A, CB427A, CB428A\n v 48.306.1 (or higher)\n\nHP LaserJet M5025 Multifunction Printer\n Q7840A\n v 48.306.1 (or higher)\n\nHP Color LaserJet CM6040 Multifunction Printer\n Q3938A, Q3939A\n v 52.256.1 (or higher)\n\nHP Color LaserJet Enterprise CP4525\n CC493A, CC494A, CC495A\n v 07.164.1 (or higher)\n\nHP Color LaserJet Enterprise CP4025\n CC489A, CC490A\n v 07.164.1 (or higher)\n\nHP LaserJet M5035 Multifunction Printer\n Q7829A, Q7830A, Q7831A\n v 48.306.1 (or higher)\n\nHP LaserJet M9050 Multifunction Printer\n CC395A\n v 51.256.1 (or higher)\n\nHP LaserJet M9040 Multifunction Printer\n CC394A\n v 51.256.1 (or higher)\n\nHP Color LaserJet CM4730 Multifunction Printer\n CB480A, CB481A, CB482A, CB483A\n v 50.286.1 (or higher)\n\nHP LaserJet M3035 Multifunction Printer\n CB414A, CB415A, CC476A, CC477A\n v 48.306.1 (or higher)\n\nHP 9250c Digital Sender\n CB472A\n v 48.293.1 (or higher)\n\nHP LaserJet Enterprise P3015\n CE525A,CE526A,CE527A,CE528A,CE595A\n v 07.186.1 (or higher)\n\nHP LaserJet M3027 Multifunction Printer\n CB416A, CC479A\n v 48.306.1 (or higher)\n\nHP LaserJet CM3530 Multifunction Printer\n CC519A, CC520A\n v 53.236.1 (or higher)\n\nHP Color LaserJet CP6015\n Q3931A, Q3932A, Q3933A, Q3934A, Q3935A\n v 04.203.1 (or higher)\n\nHP LaserJet P4515\n CB514A,CB515A, CB516A, CB517A\n v 04.213.1 (or higher)\n\nHP Color LaserJet CM6030 Multifunction Printer\n CE664A, CE665A\n v 52.256.1 (or higher)\n\nHP LaserJet P4015\n CB509A, CB526A, CB511A, CB510A\n v 04.213.1 (or higher)\n\nHP LaserJet P4014\n CB507A, CB506A, CB512A\n v 04.213.1 (or higher)\n\nHISTORY\nVersion:1 (rev.1) - 22 September 2014 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer's patch management policy",
      sources: [
         {
            db: "NVD",
            id: "CVE-2014-0224",
         },
         {
            db: "BID",
            id: "67899",
         },
         {
            db: "VULMON",
            id: "CVE-2014-0224",
         },
         {
            db: "PACKETSTORM",
            id: "127936",
         },
         {
            db: "PACKETSTORM",
            id: "127166",
         },
         {
            db: "PACKETSTORM",
            id: "127630",
         },
         {
            db: "PACKETSTORM",
            id: "127422",
         },
         {
            db: "PACKETSTORM",
            id: "127403",
         },
         {
            db: "PACKETSTORM",
            id: "127190",
         },
         {
            db: "PACKETSTORM",
            id: "128345",
         },
      ],
      trust: 1.89,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2014-0224",
            trust: 2.7,
         },
         {
            db: "JUNIPER",
            id: "JSA10629",
            trust: 1.9,
         },
         {
            db: "CERT/CC",
            id: "VU#978508",
            trust: 1.9,
         },
         {
            db: "MCAFEE",
            id: "SB10075",
            trust: 1.9,
         },
         {
            db: "SECUNIA",
            id: "59824",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59310",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59380",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59661",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59162",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59666",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59191",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59188",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "60176",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59375",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59101",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59441",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59163",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59142",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59126",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59186",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "60567",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59189",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59437",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59445",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58639",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59282",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59132",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59506",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59383",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59135",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59342",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59659",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59364",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58492",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "60066",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58337",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "60571",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59192",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58667",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59223",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59004",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59459",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59990",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59214",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59338",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59438",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59429",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59287",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "60577",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59530",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59448",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58759",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59012",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59894",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59175",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59055",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59669",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59368",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59518",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58714",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58716",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "60049",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59043",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59655",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59878",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59370",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59449",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59435",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59491",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59495",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59514",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59120",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58579",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59721",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59529",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59284",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59389",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58745",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59167",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58128",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58977",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59442",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59040",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58939",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59784",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59093",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59454",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59885",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58660",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59460",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59354",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58743",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59362",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58945",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59446",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59602",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59305",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58433",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59502",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59374",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59264",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59528",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58713",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59325",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59450",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58385",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "60819",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59525",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59490",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59231",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59365",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "61254",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59301",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59440",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59202",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59451",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59190",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59447",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59589",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "60522",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58742",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59677",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59300",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59306",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "61815",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59413",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59483",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59063",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58719",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59444",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59211",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59827",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59215",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59347",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58930",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "59916",
            trust: 1.6,
         },
         {
            db: "SECUNIA",
            id: "58615",
            trust: 1.6,
         },
         {
            db: "SIEMENS",
            id: "SSA-234763",
            trust: 1.6,
         },
         {
            db: "SECTRACK",
            id: "1031594",
            trust: 1.6,
         },
         {
            db: "SECTRACK",
            id: "1031032",
            trust: 1.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.4645",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2022.0696",
            trust: 0.6,
         },
         {
            db: "LENOVO",
            id: "LEN-24443",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201406-080",
            trust: 0.6,
         },
         {
            db: "DLINK",
            id: "SAP10045",
            trust: 0.3,
         },
         {
            db: "DLINK",
            id: "SAP10046",
            trust: 0.3,
         },
         {
            db: "JUNIPER",
            id: "JSA10643",
            trust: 0.3,
         },
         {
            db: "JUNIPER",
            id: "JSA10659",
            trust: 0.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-17-094-04",
            trust: 0.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-14-198-03F",
            trust: 0.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-14-198-03G",
            trust: 0.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-14-198-03B",
            trust: 0.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-14-198-03C",
            trust: 0.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-14-198-03",
            trust: 0.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-14-198-03D",
            trust: 0.3,
         },
         {
            db: "JVN",
            id: "JVN61247051",
            trust: 0.3,
         },
         {
            db: "BID",
            id: "67899",
            trust: 0.3,
         },
         {
            db: "VULMON",
            id: "CVE-2014-0224",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "127936",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "127166",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "127630",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "127422",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "127403",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "127190",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "128345",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2014-0224",
         },
         {
            db: "BID",
            id: "67899",
         },
         {
            db: "PACKETSTORM",
            id: "127936",
         },
         {
            db: "PACKETSTORM",
            id: "127166",
         },
         {
            db: "PACKETSTORM",
            id: "127630",
         },
         {
            db: "PACKETSTORM",
            id: "127422",
         },
         {
            db: "PACKETSTORM",
            id: "127403",
         },
         {
            db: "PACKETSTORM",
            id: "127190",
         },
         {
            db: "PACKETSTORM",
            id: "128345",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201406-080",
         },
         {
            db: "NVD",
            id: "CVE-2014-0224",
         },
      ],
   },
   id: "VAR-201406-0445",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.4594171644,
   },
   last_update_date: "2024-07-23T21:30:24.345000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "openssl-1.0.1h",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51081",
         },
         {
            title: "openssl-1.0.0m",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51080",
         },
         {
            title: "openssl-0.9.8za",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=51079",
         },
         {
            title: "Amazon Linux AMI: ALAS-2014-351",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2014-351",
         },
         {
            title: "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=d0eef6c81e529a1b8e4ea4b72eaef4d0",
         },
         {
            title: "Amazon Linux AMI: ALAS-2014-350",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2014-350",
         },
         {
            title: "Siemens Security Advisories: Siemens Security Advisory",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=b92b65104373bc8476811ff1b99cd369",
         },
         {
            title: "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=a7d1e620ea07a6fd4d3ec24012763337",
         },
         {
            title: "Red Hat: CVE-2014-0224",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2014-0224",
         },
         {
            title: "Ubuntu Security Notice: openssl regression",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2232-3",
         },
         {
            title: "HP: HPSBPI03107 rev.3  -  Certain HP LaserJet Printers, MFPs and Certain HP OfficeJet Enterprise Printers using OpenSSL, Remote Unauthorized Access",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=hpsbpi03107",
         },
         {
            title: "Ubuntu Security Notice: openssl vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2232-4",
         },
         {
            title: "Ubuntu Security Notice: openssl vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2232-1",
         },
         {
            title: "Ubuntu Security Notice: openssl regression",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-2232-2",
         },
         {
            title: "Debian Security Advisories: DSA-2950-1 openssl -- security update",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=909292f2afe623fbec51f7ab6b32f790",
         },
         {
            title: "Debian CVElist Bug Report Logs: openssl: CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, CVE-2014-3470",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=07d14df4883f21063a053cea8d2239c6",
         },
         {
            title: "Tenable Security Advisories: [R8] Tenable Products Affected by OpenSSL 'CCS Injection' Vulnerability",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=tns-2014-03",
         },
         {
            title: "Amazon Linux AMI: ALAS-2014-349",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2014-349",
         },
         {
            title: "Debian CVElist Bug Report Logs: virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=eee4d8c3e2b11de5b15ee65d96af6c60",
         },
         {
            title: "Symantec Security Advisories: SA80 : OpenSSL Security Advisory 05-Jun-2014",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=dd4667746d163d08265dfdd4c98e4201",
         },
         {
            title: "Citrix Security Bulletins: Citrix Security Advisory for OpenSSL Vulnerabilities (June 2014)",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=citrix_security_bulletins&qid=afbd3a710e98424e558b1b21482abad6",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2014-0224 ",
         },
         {
            title: "crochet-technologies",
            trust: 0.1,
            url: "https://github.com/crochet-technology/crochet-technologies ",
         },
         {
            title: "openssl-ccs-cve-2014-0224",
            trust: 0.1,
            url: "https://github.com/ssllabs/openssl-ccs-cve-2014-0224 ",
         },
         {
            title: "android-development-best-practices",
            trust: 0.1,
            url: "https://github.com/niharika2810/android-development-best-practices ",
         },
         {
            title: "ssl-grader",
            trust: 0.1,
            url: "https://github.com/sslyze410-sslgrader-wciphersuite-info/ssl-grader ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/dtarnawsky/capacitor-plugin-security-provider ",
         },
         {
            title: "qualysparser",
            trust: 0.1,
            url: "https://github.com/pr4jwal/qualysparser ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/wanderwille/13.01 ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2014-0224",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201406-080",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-326",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2014-0224",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.5,
            url: "http://support.citrix.com/article/ctx140876",
         },
         {
            trust: 2.5,
            url: "http://www.vmware.com/security/advisories/vmsa-2014-0006.html",
         },
         {
            trust: 2.2,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676615",
         },
         {
            trust: 2.2,
            url: "http://www.ibm.com/support/docview.wss?uid=swg21676793",
         },
         {
            trust: 2.2,
            url: "http://www.ibm.com/support/docview.wss?uid=isg3t1020948",
         },
         {
            trust: 2.2,
            url: "http://www.ibm.com/support/docview.wss?uid=swg1it02314",
         },
         {
            trust: 2.2,
            url: "http://www.ibm.com/support/docview.wss?uid=swg21676877",
         },
         {
            trust: 2.2,
            url: "http://www.vmware.com/security/advisories/vmsa-2014-0012.html",
         },
         {
            trust: 2.2,
            url: "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-345106.htm",
         },
         {
            trust: 2.2,
            url: "http://www.ibm.com/support/docview.wss?uid=ssg1s1004678",
         },
         {
            trust: 2.2,
            url: "http://www.ibm.com/support/docview.wss?uid=swg21676356",
         },
         {
            trust: 2.2,
            url: "http://www.ibm.com/support/docview.wss?uid=swg24037783",
         },
         {
            trust: 2,
            url: "http://www.openssl.org/news/secadv_20140605.txt",
         },
         {
            trust: 1.9,
            url: "http://kb.juniper.net/infocenter/index?page=content&id=kb29217",
         },
         {
            trust: 1.9,
            url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10629",
         },
         {
            trust: 1.9,
            url: "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues1",
         },
         {
            trust: 1.9,
            url: "https://blogs.oracle.com/sunsecurity/entry/cve_2014_0224_cryptographic_issues",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678167",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678233",
         },
         {
            trust: 1.9,
            url: "http://kb.juniper.net/infocenter/index?page=content&id=kb29195",
         },
         {
            trust: 1.9,
            url: "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html",
         },
         {
            trust: 1.9,
            url: "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory9.asc",
         },
         {
            trust: 1.9,
            url: "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
         },
         {
            trust: 1.9,
            url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
         },
         {
            trust: 1.9,
            url: "http://www.f-secure.com/en/web/labs_global/fsc-2014-6",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037730",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037727",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676655",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21675821",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676071",
         },
         {
            trust: 1.9,
            url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095757",
         },
         {
            trust: 1.9,
            url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095756",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676833",
         },
         {
            trust: 1.9,
            url: "https://kb.bluecoat.com/index?page=content&id=sa80",
         },
         {
            trust: 1.9,
            url: "https://kc.mcafee.com/corporate/index?page=content&id=sb10075",
         },
         {
            trust: 1.9,
            url: "http://www.fortiguard.com/advisory/fg-ir-14-018/",
         },
         {
            trust: 1.9,
            url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20140605-openssl",
         },
         {
            trust: 1.9,
            url: "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
         },
         {
            trust: 1.9,
            url: "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
         },
         {
            trust: 1.9,
            url: "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
         },
         {
            trust: 1.9,
            url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020172",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21675626",
         },
         {
            trust: 1.9,
            url: "http://rhn.redhat.com/errata/rhsa-2014-0630.html",
         },
         {
            trust: 1.9,
            url: "http://rhn.redhat.com/errata/rhsa-2014-0631.html",
         },
         {
            trust: 1.9,
            url: "http://rhn.redhat.com/errata/rhsa-2014-0633.html",
         },
         {
            trust: 1.9,
            url: "http://rhn.redhat.com/errata/rhsa-2014-0632.html",
         },
         {
            trust: 1.9,
            url: "http://rhn.redhat.com/errata/rhsa-2014-0627.html",
         },
         {
            trust: 1.9,
            url: "http://rhn.redhat.com/errata/rhsa-2014-0680.html",
         },
         {
            trust: 1.9,
            url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095755",
         },
         {
            trust: 1.9,
            url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095754",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21683332",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677695",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676644",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676879",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676529",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677836",
         },
         {
            trust: 1.9,
            url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095740",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676501",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676035",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677828",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21673137",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676419",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677131",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676496",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676478",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676062",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037731",
         },
         {
            trust: 1.9,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037732",
         },
         {
            trust: 1.9,
            url: "http://www.kb.cert.org/vuls/id/978508",
         },
         {
            trust: 1.7,
            url: "http://security.gentoo.org/glsa/glsa-201407-05.xml",
         },
         {
            trust: 1.6,
            url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05301946",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59661",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59301",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59300",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59784",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59413",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59655",
         },
         {
            trust: 1.6,
            url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/60522",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59659",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140317760000786&w=2",
         },
         {
            trust: 1.6,
            url: "https://cert-portal.siemens.com/productcert/pdf/ssa-234763.pdf",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=141383465822787&w=2",
         },
         {
            trust: 1.6,
            url: "https://access.redhat.com/site/blogs/766093/posts/908133",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140784085708882&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59310",
         },
         {
            trust: 1.6,
            url: "http://linux.oracle.com/errata/elsa-2014-1053.html",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59666",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58337",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58579",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59305",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59306",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59669",
         },
         {
            trust: 1.6,
            url: "http://dev.mysql.com/doc/relnotes/workbench/en/wb-news-6-1-7.html",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59429",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676333",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676334",
         },
         {
            trust: 1.6,
            url: "http://ccsinjection.lepidum.co.jp",
         },
         {
            trust: 1.6,
            url: "http://support.apple.com/kb/ht6443",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140266410314613&w=2",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140852757108392&w=2",
         },
         {
            trust: 1.6,
            url: "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&id=6061&myns=phmc&mync=e",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58667",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59514",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59878",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59518",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140870499402361&w=2",
         },
         {
            trust: 1.6,
            url: "http://www.blackberry.com/btsc/kb36051",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/60066",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=141025641601169&w=2",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140386311427810&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59093",
         },
         {
            trust: 1.6,
            url: "http://www.websense.com/support/article/kbarticle/vulnerabilities-resolved-in-triton-apx-version-8-0",
         },
         {
            trust: 1.6,
            url: "http://lists.opensuse.org/opensuse-updates/2015-02/msg00030.html",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140369637402535&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59530",
         },
         {
            trust: 1.6,
            url: "http://www.novell.com/support/kb/doc.php?id=7015264",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59894",
         },
         {
            trust: 1.6,
            url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136470.html",
         },
         {
            trust: 1.6,
            url: "http://seclists.org/fulldisclosure/2014/jun/38",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58433",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59885",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59525",
         },
         {
            trust: 1.6,
            url: "https://filezilla-project.org/versions.php?type=server",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=141147110427269&w=2",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677567",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59529",
         },
         {
            trust: 1.6,
            url: "https://www.intersectalliance.com/wp-content/uploads/release_notes/releasenotes_for_snare_for_mssql.pdf",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59528",
         },
         {
            trust: 1.6,
            url: "http://www.mandriva.com/security/advisories?name=mdvsa-2014:105",
         },
         {
            trust: 1.6,
            url: "http://www.mandriva.com/security/advisories?name=mdvsa-2014:106",
         },
         {
            trust: 1.6,
            url: "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59063",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=141383410222440&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59186",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59189",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/61815",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140604261522465&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59188",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/60049",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140544599631400&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/61254",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59190",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140431828824371&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59192",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59191",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59990",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58660",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59502",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59506",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/60176",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59040",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59282",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59163",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59284",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59162",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59043",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59167",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59287",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58742",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676845",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58743",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58745",
         },
         {
            trust: 1.6,
            url: "http://rhn.redhat.com/errata/rhsa-2014-0624.html",
         },
         {
            trust: 1.6,
            url: "https://www.imperialviolet.org/2014/06/05/earlyccs.html",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59055",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59175",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140794476212181&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59721",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140482916501310&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59602",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58759",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58639",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140621259019789&w=2",
         },
         {
            trust: 1.6,
            url: "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&id=6060&myns=phmc&mync=e",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=142350350616251&w=2",
         },
         {
            trust: 1.6,
            url: "http://www.securitytracker.com/id/1031032",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59380",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59383",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59264",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59142",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=141658880509699&w=2",
         },
         {
            trust: 1.6,
            url: "http://rhn.redhat.com/errata/rhsa-2014-0626.html",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59389",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140983229106599&w=2",
         },
         {
            trust: 1.6,
            url: "http://www.splunk.com/view/sp-caaam2d",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140491231331543&w=2",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677390",
         },
         {
            trust: 1.6,
            url: "http://www.kerio.com/support/kerio-control/release-history",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/60819",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037729",
         },
         {
            trust: 1.6,
            url: "http://seclists.org/fulldisclosure/2014/dec/23",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140904544427729&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58977",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59824",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58615",
         },
         {
            trust: 1.6,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1103586",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59827",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001843",
         },
         {
            trust: 1.6,
            url: "https://www.arista.com/en/support/advisories-notices/security-advisories/941-security-advisory-0005",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001841",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59120",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59362",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59483",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59365",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59364",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59004",
         },
         {
            trust: 1.6,
            url: "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676889",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140448122410568&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58945",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59916",
         },
         {
            trust: 1.6,
            url: "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html",
         },
         {
            trust: 1.6,
            url: "http://esupport.trendmicro.com/solution/en-us/1103813.aspx",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg1iv61506",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59370",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59491",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59490",
         },
         {
            trust: 1.6,
            url: "http://puppetlabs.com/security/cve/cve-2014-0224",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59132",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59374",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59495",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59012",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59375",
         },
         {
            trust: 1.6,
            url: "http://www.novell.com/support/kb/doc.php?id=7015300",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140499864129699&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59135",
         },
         {
            trust: 1.6,
            url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-august/136473.html",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=142805027510172&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59126",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59368",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58713",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=nas8n1020163",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58714",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58716",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58719",
         },
         {
            trust: 1.6,
            url: "http://www.securitytracker.com/id/1031594",
         },
         {
            trust: 1.6,
            url: "http://www.tenable.com/blog/nessus-527-and-pvs-403-are-available-for-download",
         },
         {
            trust: 1.6,
            url: "http://www.securityfocus.com/archive/1/534161/100/0/threaded",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677080",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58492",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59460",
         },
         {
            trust: 1.6,
            url: "https://www.intersectalliance.com/wp-content/uploads/release_notes/releasenotes_for_snare_for_windows.pdf",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59101",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59342",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59223",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59215",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/60567",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004690",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59214",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58128",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59338",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59459",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676786",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678289",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=142546741516006&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59231",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59354",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58385",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59347",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59589",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/60577",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140852826008699&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58930",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037761",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=141164638606214&w=2",
         },
         {
            trust: 1.6,
            url: "http://www.innominate.com/data/downloads/manuals/mdm_1.5.2.1_release_notes.pdf",
         },
         {
            trust: 1.6,
            url: "https://discussions.nessus.org/thread/7517",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676536",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/58939",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/60571",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140752315422991&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59440",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59442",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59441",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59202",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59444",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59435",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59677",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140389355508263&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59437",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24037870",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59438",
         },
         {
            trust: 1.6,
            url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095737",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140389274407904&w=2",
         },
         {
            trust: 1.6,
            url: "https://www.novell.com/support/kb/doc.php?id=7015271",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59451",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59450",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59211",
         },
         {
            trust: 1.6,
            url: "https://www.ibm.com/support/docview.wss?uid=ssg1s1004670",
         },
         {
            trust: 1.6,
            url: "http://marc.info/?l=bugtraq&m=140672208601650&w=2",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59454",
         },
         {
            trust: 1.6,
            url: "https://www.ibm.com/support/docview.wss?uid=ssg1s1004671",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59325",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59446",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59445",
         },
         {
            trust: 1.6,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677527",
         },
         {
            trust: 1.6,
            url: "http://www.mandriva.com/security/advisories?name=mdvsa-2015:062",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59448",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59447",
         },
         {
            trust: 1.6,
            url: "http://secunia.com/advisories/59449",
         },
         {
            trust: 1,
            url: "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commit%3bh=bc8923b1ec9c467755cd86f7848c50ee8812e441",
         },
         {
            trust: 0.7,
            url: "https://nvd.nist.gov/vuln/detail/cve-2014-0224",
         },
         {
            trust: 0.6,
            url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=bc8923b1ec9c467755cd86f7848c50ee8812e441",
         },
         {
            trust: 0.6,
            url: "https://www.suse.com/support/update/announcement/2019/suse-su-201914246-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2022.0696",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.4645/",
         },
         {
            trust: 0.6,
            url: "https://support.lenovo.com/us/en/solutions/len-24443",
         },
         {
            trust: 0.5,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/",
         },
         {
            trust: 0.5,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/",
         },
         {
            trust: 0.5,
            url: "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins",
         },
         {
            trust: 0.3,
            url: "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10045",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24032618",
         },
         {
            trust: 0.3,
            url: "http://www.sophos.com/en-us/support/knowledgebase/121112.aspx",
         },
         {
            trust: 0.3,
            url: "http://sylpheed.sraoss.jp/en/news.html",
         },
         {
            trust: 0.3,
            url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10629&cat=sirt_1&actp=list&showdraft=false",
         },
         {
            trust: 0.3,
            url: "http://www.arubanetworks.com/support/alerts/aid-06062014.txt",
         },
         {
            trust: 0.3,
            url: "http://googlechromereleases.blogspot.com/2014/06/chrome-for-android-update.html",
         },
         {
            trust: 0.3,
            url: "http://blogs.citrix.com/2014/06/06/citrix-security-advisory-for-openssl-vulnerabilities-june-2014/",
         },
         {
            trust: 0.3,
            url: "http://bugs.python.org/issue21671",
         },
         {
            trust: 0.3,
            url: "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10046",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004805",
         },
         {
            trust: 0.3,
            url: "http://seclists.org/bugtraq/2014/aug/att-93/esa-2014-079.txt",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04438404",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21687640",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21682840",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21678123",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21678073",
         },
         {
            trust: 0.3,
            url: "http://www.websense.com/support/article/kbarticle/july-2014-hotfix-summary-for-websense-solutions",
         },
         {
            trust: 0.3,
            url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10643&cat=sirt_1&actp=list",
         },
         {
            trust: 0.3,
            url: "http://jvn.jp/en/jp/jvn61247051/index.html",
         },
         {
            trust: 0.3,
            url: "http://openssl.org/",
         },
         {
            trust: 0.3,
            url: "http://blogs.sophos.com/2014/06/10/openssl-man-in-the-middle-vulnerability-sophos-product-status-2/",
         },
         {
            trust: 0.3,
            url: "https://downloads.avaya.com/css/p8/documents/100181245",
         },
         {
            trust: 0.3,
            url: "http://www.innominate.com/data/downloads/software/innominate_security_advisory_20140606_001_en.pdf",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004758",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004747",
         },
         {
            trust: 0.3,
            url: "http://openvpn.net/index.php/open-source/downloads.html",
         },
         {
            trust: 0.3,
            url: "http://www8.hp.com/us/en/software-solutions/operations-analytics-operations-analysis/",
         },
         {
            trust: 0.3,
            url: "http://www.ibm.com/support/docview.wss?uid=swg21686583",
         },
         {
            trust: 0.3,
            url: "https://community.rapid7.com/community/metasploit/blog/2014/06/05/security-advisory-openssl-vulnerabilities-cve-2014-0224-cve-2014-0221-in-metasploit",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21685551",
         },
         {
            trust: 0.3,
            url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5096059",
         },
         {
            trust: 0.3,
            url: "http://blogs.splunk.com/2014/06/09/splunk-and-the-latest-openssl-vulnerabilities/",
         },
         {
            trust: 0.3,
            url: "http://www.marshut.com/ixwnpv/stunnel-5-02-released.html",
         },
         {
            trust: 0.3,
            url: "http://blogs.sophos.com/2014/06/16/utm-up2date-9-113-released/",
         },
         {
            trust: 0.3,
            url: "http://blogs.sophos.com/2014/06/18/utm-up2date-9-203-released/",
         },
         {
            trust: 0.3,
            url: " https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04404764",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04385138",
         },
         {
            trust: 0.3,
            url: "https://downloads.avaya.com/css/p8/documents/100181099",
         },
         {
            trust: 0.3,
            url: "https://downloads.avaya.com/css/p8/documents/101007404",
         },
         {
            trust: 0.3,
            url: "https://downloads.avaya.com/css/p8/documents/100180978",
         },
         {
            trust: 0.3,
            url: "http://ics-cert.us-cert.gov/advisories/icsa-14-198-03",
         },
         {
            trust: 0.3,
            url: "http://seclists.org/bugtraq/2015/mar/21",
         },
         {
            trust: 0.3,
            url: "http://seclists.org/bugtraq/2015/mar/9",
         },
         {
            trust: 0.3,
            url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10659",
         },
         {
            trust: 0.3,
            url: "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03d",
         },
         {
            trust: 0.3,
            url: "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03g",
         },
         {
            trust: 0.3,
            url: "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04",
         },
         {
            trust: 0.3,
            url: "https://downloads.avaya.com/css/p8/documents/100181096",
         },
         {
            trust: 0.3,
            url: "http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=98ec479ee69ccb916d2ea4b09943faf5?nocount=true&externalid=kb36051&sliceid=1&cmd=&forward=nonthreadedkc&command=show&kcid=kb36051&viewe",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21678040",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg1it02314",
         },
         {
            trust: 0.3,
            url: "http://kb.parallels.com/en/121916",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24036409",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24032650#5.0.0.15",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24032651",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg24034955",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020948",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04401858",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04355095",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04397114",
         },
         {
            trust: 0.3,
            url: " https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04479505",
         },
         {
            trust: 0.3,
            url: "http://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04512909",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04343424",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368264",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347622",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04345210",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04347711",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349175",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349789",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04349897",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04351097",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04363613",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04368546",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04370307",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04378799",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04379485",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04392919",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04398968",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04401666",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04337774",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04451722",
         },
         {
            trust: 0.3,
            url: "https://h20565.www2.hp.com/portal/site/hpsc/template.page/public/kb/docdisplay/?spf_p.tpst=kbdocdisplay&spf_p.prp_kbdocdisplay=wsrp-navigationalstate%3ddocid%253demr_na-c04406535-1%257cdoclocale%253d%",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docdisplay?docid=emr_na-c04425253",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04595094",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05301946",
         },
         {
            trust: 0.3,
            url: "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04336637",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001840",
         },
         {
            trust: 0.3,
            url: "https://downloads.avaya.com/css/p8/documents/100181215",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21678356",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680546",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21680511,swg21680439,swg21680673,swg21680546",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg24037729",
         },
         {
            trust: 0.3,
            url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095940",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678413",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680706,swg21680707,nas8n1020200,swg21680511,swg21680439,swg21680673,swg21680546",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21680673,swg21680546",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21680707,nas8n1020200,swg21680511,swg21680439,swg21680673,swg21680546",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004830",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21676889",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676673",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21678660",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676041",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21680439,swg21680673,swg21680546",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676128",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21677891",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21676536",
         },
         {
            trust: 0.3,
            url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095910",
         },
         {
            trust: 0.3,
            url: "https://www.xerox.com/download/security/security-bulletin/33a01-5228bdf5d027e/cert_security_mini-_bulletin_xrx15ao_for_cq8570-cq8870_v1-0.pdf",
         },
         {
            trust: 0.3,
            url: "http://www.novell.com/support/kb/doc.php?id=7015158",
         },
         {
            trust: 0.3,
            url: "http://securityadvisories.paloaltonetworks.com/home/detail/23?aspxautodetectcookiesupport=1",
         },
         {
            trust: 0.3,
            url: "http://www.freebsd.org/security/advisories/freebsd-sa-14:14.openssl.asc",
         },
         {
            trust: 0.3,
            url: "https://bto.bluecoat.com/security-advisory/sa80",
         },
         {
            trust: 0.3,
            url: "https://downloads.avaya.com/css/p8/documents/100181079",
         },
         {
            trust: 0.3,
            url: "https://downloads.avaya.com/css/p8/documents/100181566",
         },
         {
            trust: 0.3,
            url: "https://library.netapp.com/ecm/ecm_get_file/ecmp1636026",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020200",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676356",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676276",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21676786",
         },
         {
            trust: 0.3,
            url: "https://rhn.redhat.com/errata/rhsa-2014-0625.html",
         },
         {
            trust: 0.3,
            url: "https://rhn.redhat.com/errata/rhsa-2014-0629.html",
         },
         {
            trust: 0.3,
            url: "http://forums.alienvault.com/discussion/3054/security-advisory-alienvault-v4-10-0-addresses-several-vulnerabilities",
         },
         {
            trust: 0.3,
            url: "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-345106.htm",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676793",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021009",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676840",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21677225",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21682398",
         },
         {
            trust: 0.3,
            url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095738",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=nas8n1020163",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21683336",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21678104",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21682023",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1021064",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21682026",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21682025",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21682024",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21677080",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676877",
         },
         {
            trust: 0.3,
            url: "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5095841",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21690128",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004678",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004824",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004690",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676542",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676543",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004744",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21676333",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21678289",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004695",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=swg21676708",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=swg21676505",
         },
         {
            trust: 0.3,
            url: "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03b",
         },
         {
            trust: 0.3,
            url: "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03c",
         },
         {
            trust: 0.3,
            url: "https://ics-cert.us-cert.gov/advisories/icsa-14-198-03f",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020976",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=isg3t1020952",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1007987",
         },
         {
            trust: 0.3,
            url: "http://googlechromereleases.blogspot.com/2014/06/stable-channel-update-for-chrome-os.html",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001842",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=isg400001839",
         },
         {
            trust: 0.3,
            url: "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004821",
         },
         {
            trust: 0.3,
            url: "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004670",
         },
         {
            trust: 0.3,
            url: "www-01.ibm.com/support/docview.wss?uid=ssg1s1004671",
         },
         {
            trust: 0.3,
            url: "http://www.ubuntu.com/usn/usn-2232-4/",
         },
         {
            trust: 0.3,
            url: "http://kb.juniper.net/infocenter/index?page=content&id=jsa10629&cat=sirt_1&actp=list",
         },
         {
            trust: 0.3,
            url: "http://winscp.net/eng/docs/history#5.5.4",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2014-0221",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2014-3470",
         },
         {
            trust: 0.3,
            url: "https://nvd.nist.gov/vuln/detail/cve-2014-0195",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2014-0198",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2010-5298",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00073",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00074",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00070",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00076",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00079",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00071",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00075",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00078",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00072",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/lid/hpcit_00077",
         },
         {
            trust: 0.1,
            url: "http://www.ubuntu.com/usn/usn-2232-3",
         },
         {
            trust: 0.1,
            url: "http://www.ubuntu.com/usn/usn-2232-1",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssl/1.0.1e-3ubuntu1.6",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/bugs/1332643",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.4",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.16",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.19",
         },
         {
            trust: 0.1,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-3470",
         },
         {
            trust: 0.1,
            url: "http://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-5298",
         },
         {
            trust: 0.1,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0221",
         },
         {
            trust: 0.1,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0198",
         },
         {
            trust: 0.1,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0224",
         },
         {
            trust: 0.1,
            url: "http://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0195",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/km01028458",
         },
         {
            trust: 0.1,
            url: "http://support.openview.hp.com/selfsolve/document/km01020441",
         },
         {
            trust: 0.1,
            url: "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=c03536",
         },
         {
            trust: 0.1,
            url: "https://www.hp.com",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "67899",
         },
         {
            db: "PACKETSTORM",
            id: "127936",
         },
         {
            db: "PACKETSTORM",
            id: "127166",
         },
         {
            db: "PACKETSTORM",
            id: "127630",
         },
         {
            db: "PACKETSTORM",
            id: "127422",
         },
         {
            db: "PACKETSTORM",
            id: "127403",
         },
         {
            db: "PACKETSTORM",
            id: "127190",
         },
         {
            db: "PACKETSTORM",
            id: "128345",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201406-080",
         },
         {
            db: "NVD",
            id: "CVE-2014-0224",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2014-0224",
         },
         {
            db: "BID",
            id: "67899",
         },
         {
            db: "PACKETSTORM",
            id: "127936",
         },
         {
            db: "PACKETSTORM",
            id: "127166",
         },
         {
            db: "PACKETSTORM",
            id: "127630",
         },
         {
            db: "PACKETSTORM",
            id: "127422",
         },
         {
            db: "PACKETSTORM",
            id: "127403",
         },
         {
            db: "PACKETSTORM",
            id: "127190",
         },
         {
            db: "PACKETSTORM",
            id: "128345",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201406-080",
         },
         {
            db: "NVD",
            id: "CVE-2014-0224",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2014-06-05T00:00:00",
            db: "VULMON",
            id: "CVE-2014-0224",
         },
         {
            date: "2014-06-05T00:00:00",
            db: "BID",
            id: "67899",
         },
         {
            date: "2014-08-20T15:18:26",
            db: "PACKETSTORM",
            id: "127936",
         },
         {
            date: "2014-06-24T00:52:51",
            db: "PACKETSTORM",
            id: "127166",
         },
         {
            date: "2014-07-28T20:36:25",
            db: "PACKETSTORM",
            id: "127630",
         },
         {
            date: "2014-07-11T21:05:34",
            db: "PACKETSTORM",
            id: "127422",
         },
         {
            date: "2014-07-09T17:11:19",
            db: "PACKETSTORM",
            id: "127403",
         },
         {
            date: "2014-06-24T01:45:14",
            db: "PACKETSTORM",
            id: "127190",
         },
         {
            date: "2014-09-22T16:56:00",
            db: "PACKETSTORM",
            id: "128345",
         },
         {
            date: "2014-06-09T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201406-080",
         },
         {
            date: "2014-06-05T21:55:07.817000",
            db: "NVD",
            id: "CVE-2014-0224",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-11-07T00:00:00",
            db: "VULMON",
            id: "CVE-2014-0224",
         },
         {
            date: "2017-10-19T03:03:00",
            db: "BID",
            id: "67899",
         },
         {
            date: "2022-02-18T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201406-080",
         },
         {
            date: "2023-11-07T02:18:13.190000",
            db: "NVD",
            id: "CVE-2014-0224",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "127630",
         },
         {
            db: "PACKETSTORM",
            id: "127403",
         },
         {
            db: "PACKETSTORM",
            id: "128345",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201406-080",
         },
      ],
      trust: 0.9,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OpenSSL Encryption problem vulnerability",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201406-080",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "encryption problem",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201406-080",
         },
      ],
      trust: 0.6,
   },
}

var-200212-0624
Vulnerability from variot

Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. ) By sending SSH Cause a server or client to go out of service, and SSH It is possible to execute arbitrary code with the execution authority of the server or client. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the “Overview” for the impact of this vulnerability. A vulnerability with incorrect lengths of fields in SSH packets has been reported for multiple products that use SSH2 for secure communications. The vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. An attacker may exploit the vulnerability to perform denial-of-service attacks against vulnerable systems and possibly to execute malicious, attacker-supplied code. Further details about the vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in Bugtraq ID 6397.

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations

Original issue date: December 16, 2002 Last revised: -- Source: CERT/CC

A complete revision history is at the end of this file.

I. It provides strong encryption, cryptographic host authentication, and integrity protection.... These vulnerabilities include buffer overflows, and they occur before any user authentication takes place. SSHredder was primarily designed to test key exchange and other processes that are specific to version 2 of the SSH protocol; however, certain classes of tests are also applicable to version 1.

Rapid7 has published a detailed advisory (R7-0009) and the SSHredder test suite.

Common Vulnerabilities and Exposures (CVE) has assigned the following candidate numbers for several classes of tests performed by SSHredder:

 * CAN-2002-1357 - incorrect field lengths
 * CAN-2002-1358 - lists with empty elements or multiple separators
 * CAN-2002-1359 - "classic" buffer overflows
 * CAN-2002-1360 - null characters in strings

II. On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges.

III. Solution

Apply a patch or upgrade

Apply the appropriate patch or upgrade as specified by your vendor. See Appendix A below and the Systems Affected section of VU#389665 for specific information.

Restrict access

Limit access to SSH servers to trusted hosts and networks using firewalls or other packet-filtering systems. Some SSH servers may have the ability to restrict access based on IP addresses, or similar effects may be achieved by using TCP wrappers or other related technology.

SSH clients can reduce the risk of attacks by only connecting to trusted servers by IP address.

While these workarounds will not prevent exploitation of these vulnerabilities, they will make attacks somewhat more difficult, in part by limiting the number of potential sources of attacks.

Appendix A. Vendor Information

This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments. The Systems Affected section of VU#389665 contains additional vendor status information.

Cisco Systems, Inc.

 The   official   statement  regarding  this  is  that  we  are  not
 vulnerable.

Cray Inc.

 Cray  Inc.  supports  the  OpenSSH  product through their Cray Open
 Software  (COS)  package.  COS  3.3,  available the end of December
 2002,  is  not vulnerable. If a site is concerned, they can contact
 their  local  Cray  representive  to  obtain  an  early copy of the
 OpenSSH contained in COS 3.3.

F-Secure

 F-Secure  SSH products are not exploitable via these attacks. While
 F-Secure  SSH  versions  3.1.0  build 11 and earlier crash on these
 malicious  packets,  we  did  not find ways to exploit this to gain
 unauthorized  access  or  to  run  arbitrary code. Furthermore, the
 crash  occurs  in a forked process so the denial of service attacks
 are not possible.

Fujitsu

 Fujitsu's  UXP/V  OS  is not vulnerable because it does not support
 SSH.

IBM

 IBM's  AIX  is  not  vulnerabible  to  the issues discussed in CERT
 Vulnerability Note VU#389665.

lsh

 I've now tried the testsuite with the latest stable release of lsh,
 lsh-1.4.2. Both the client and the server seem NOT VULNERABLE.

NetScreen Technologies Inc.

 Tested latest versions. Not Vulnerable.

OpenSSH

 From  my testing it seems that the current version of OpenSSH (3.5)
 is not vulnerable to these problems, and some limited testing shows
 that no version of OpenSSH is vulnerable.

Pragma Systems, Inc.

 December 16, 2002

 Rapid 7 and CERT Coordination Center Vulnerability report VU#389665

 Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a
 possible  vulnerability  with  Version  2.0  of Pragma SecureShell. 
 Pragma  Systems  tested Pragma SecureShell 2.0 and the upcoming new
 Version  3.0,  and found that the attacks did cause a memory access
 protection fault on Microsoft platforms.

 After   research,   Pragma   Systems  corrected  the  problem.

 The  problem  is  corrected  in Pragma SecureShell Version 3.0. Any
 customers  with concerns regarding this vulnerability report should
 contact   Pragma   Systems,   Inc   at   support@pragmasys.com  for
 information  on  obtaining  an upgrade free of charge. Pragma's web
 site is located at www.pragmasys.com and the company can be reached
 at 1-512-219-7270.

PuTTY

 PuTTY 0.53b addresses vulnerabilities discovered by SSHredder.

Appendix B. References

 * CERT/CC Vulnerability Note: VU#389665 -
   http://www.kb.cert.org/vuls/id/389665
 * Rapid 7 Advisory: R7-0009 -
   http://www.rapid7.com/advisories/R7-0009.txt
 * Rapid 7 SSHredder test suite -
   http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666
 * IETF     Draft:     SSH     Transport     Layer     Protocol     -
   http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. 
   txt
 * IETF Draft: SSH Protocol Architecture -
   http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-
   13.txt
 * Privilege Separated OpenSSH -
   http://www.citi.umich.edu/u/provos/ssh/privsep.html

 _________________________________________________________________

The CERT Coordination Center thanks Rapid7 for researching and reporting these vulnerabilities. ___________

Author: Art Manion.

This document is available from: http://www.cert.org/advisories/CA-2002-36.html

CERT/CC Contact Information

Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site http://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message

subscribe cert-advisory

  • "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.

NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________

Conditions for use, disclaimers, and sponsorship information

Copyright 2002 Carnegie Mellon University.

Revision History

December 16, 2002: Initial release

-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8

iQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/ PlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd yIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3 xazIo8XEipc= =Nj+0 -----END PGP SIGNATURE-----

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200212-0624",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "ios",
            scope: "eq",
            trust: 2.7,
            vendor: "cisco",
            version: "12.2",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 1.6,
            vendor: "winscp",
            version: "2.0.0",
         },
         {
            model: "shellguard ssh",
            scope: "eq",
            trust: 1.6,
            vendor: "netcomposite",
            version: "3.4.6",
         },
         {
            model: "securenetterm",
            scope: "eq",
            trust: 1.6,
            vendor: "intersoft",
            version: "5.4.1",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.2s",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.2t",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.0st",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.1e",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.1t",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.1ea",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.6,
            vendor: "cisco",
            version: "12.0s",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1,
            vendor: "putty",
            version: "0.53",
         },
         {
            model: "ssh client",
            scope: "eq",
            trust: 1,
            vendor: "fissh",
            version: "1.0a_for_windows",
         },
         {
            model: "secureshell",
            scope: "eq",
            trust: 1,
            vendor: "pragma",
            version: "2.0",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1,
            vendor: "putty",
            version: "0.49",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1,
            vendor: "putty",
            version: "0.48",
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "alcatel",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "cisco",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "f secure",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "hewlett packard",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "intersoft",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "juniper",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "nortel",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "pragma",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "putty",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "riverstone",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "ssh security",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "winscp",
            version: null,
         },
         {
            model: "f-secure ssh",
            scope: "lte",
            trust: 0.8,
            vendor: "f secure",
            version: "3.1.0",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "12.0",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "12.1",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.0",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.1",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.2",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.3",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.53",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.49",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.48",
         },
         {
            model: "systems secureshell",
            scope: "eq",
            trust: 0.6,
            vendor: "pragma",
            version: "2.0",
         },
         {
            model: "ssh client for windows a",
            scope: "eq",
            trust: 0.6,
            vendor: "fissh",
            version: "1.0",
         },
         {
            model: "tatham putty b",
            scope: "ne",
            trust: 0.6,
            vendor: "simon",
            version: "0.53",
         },
         {
            model: "systems secureshell",
            scope: "ne",
            trust: 0.6,
            vendor: "pragma",
            version: "3.0",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.5",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.4",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.4",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.3",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.3",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2.3",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2.2",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.1",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.1",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.2",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.2",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.1",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.1",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0",
         },
         {
            model: "lsh",
            scope: "ne",
            trust: 0.6,
            vendor: "lsh",
            version: "1.5",
         },
         {
            model: "securenetterm",
            scope: "ne",
            trust: 0.6,
            vendor: "intersoft",
            version: "5.4.2",
         },
         {
            model: "winsshd",
            scope: "ne",
            trust: 0.6,
            vendor: "bitvise",
            version: "3.5",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.3(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.0",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.6(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.6(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.5",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(3)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(2)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(2)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.4",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.3",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.2",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.1",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "2.3(5)",
         },
         {
            model: "ons 15454e optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.14",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.6(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.6(0)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.5",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(3)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(2)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(0)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0(2)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.4",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.3",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.2.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.1.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154542.3(5)",
         },
         {
            model: "ons ios-based blades",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "15454",
         },
         {
            model: "ons metro edge optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "15327",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.14",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.6(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.6(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(3)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(2)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0(2)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.4",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.3",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.2",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.1",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.0",
         },
         {
            model: "ios 12.2t",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.2s",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1t",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1ea",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1e",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0st",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0s",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "securecrt",
            scope: "ne",
            trust: 0.3,
            vendor: "vandyke",
            version: "3.4.3",
         },
         {
            model: "vshell",
            scope: "ne",
            trust: 0.3,
            vendor: "van dyke",
            version: "1.2",
         },
         {
            model: "ttssh",
            scope: "ne",
            trust: 0.3,
            vendor: "ttssh",
            version: "1.5.4",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "BID",
            id: "6405",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000322",
         },
         {
            db: "NVD",
            id: "CVE-2002-1357",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-040",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2002-1357",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Rapid 7 Security Advisories※ advisory@rapid7.com",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200212-040",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2002-1357",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: true,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2002-1357",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "VHN-5742",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULMON",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CVE-2002-1357",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "HIGH",
                  trust: 0.1,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2002-1357",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#389665",
                  trust: 0.8,
                  value: "11.04",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200212-040",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULHUB",
                  id: "VHN-5742",
                  trust: 0.1,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2002-1357",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5742",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1357",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000322",
         },
         {
            db: "NVD",
            id: "CVE-2002-1357",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-040",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization.  Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. ) By sending SSH Cause a server or client to go out of service, and SSH It is possible to execute arbitrary code with the execution authority of the server or client. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the “Overview” for the impact of this vulnerability. A vulnerability with incorrect lengths of fields in SSH packets has been reported for multiple products that use SSH2 for secure communications. \nThe vulnerability has been reported to affect initialization, key exchange, and negotiation phases of SSH communications. An attacker may exploit the vulnerability to perform denial-of-service attacks against vulnerable systems and possibly to execute malicious, attacker-supplied code. \nFurther details about the vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in Bugtraq ID 6397. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\n\nCERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations\n\n   Original issue date: December 16, 2002\n   Last revised: --\n   Source: CERT/CC\n\n   A complete revision history is at the end of this file. \n\n\nI. \n     It  provides  strong encryption, cryptographic host authentication,\n     and  integrity  protection.... These vulnerabilities include buffer\n   overflows,  and they occur before any user authentication takes place. \n   SSHredder  was  primarily  designed  to  test  key  exchange and other\n   processes that are specific to version 2 of the SSH protocol; however,\n   certain classes of tests are also applicable to version 1. \n\n   Rapid7  has  published a detailed advisory (R7-0009) and the SSHredder\n   test suite. \n\n   Common  Vulnerabilities and Exposures (CVE) has assigned the following\n   candidate numbers for several classes of tests performed by SSHredder:\n\n     * CAN-2002-1357 - incorrect field lengths\n     * CAN-2002-1358 - lists with empty elements or multiple separators\n     * CAN-2002-1359 - \"classic\" buffer overflows\n     * CAN-2002-1360 - null characters in strings\n\n\nII. On\n   Microsoft  Windows  systems,  SSH  servers  commonly  run  with SYSTEM\n   privileges,  and  on UNIX systems, SSH daemons typically run with root\n   privileges. \n\n\nIII. Solution\n\nApply a patch or upgrade\n\n   Apply  the  appropriate  patch or upgrade as specified by your vendor. \n   See Appendix A below and the Systems Affected section of VU#389665 for\n   specific information. \n\nRestrict access\n\n   Limit  access  to  SSH  servers  to  trusted  hosts and networks using\n   firewalls or other packet-filtering systems. Some SSH servers may have\n   the  ability  to  restrict  access  based  on IP addresses, or similar\n   effects  may  be  achieved  by  using  TCP  wrappers  or other related\n   technology. \n\n   SSH  clients  can  reduce  the  risk  of attacks by only connecting to\n   trusted servers by IP address. \n\n   While  these  workarounds  will  not  prevent  exploitation  of  these\n   vulnerabilities,  they  will  make attacks somewhat more difficult, in\n   part by limiting the number of potential sources of attacks. \n\n\nAppendix A. Vendor Information\n\n   This  appendix  contains information provided by vendors. When vendors\n   report  new  information,  this section is updated and the changes are\n   noted  in  the  revision  history. If a vendor is not listed below, we\n   have  not  received  their  comments.  The Systems Affected section of\n   VU#389665 contains additional vendor status information. \n\nCisco Systems, Inc. \n\n     The   official   statement  regarding  this  is  that  we  are  not\n     vulnerable. \n\nCray Inc. \n\n     Cray  Inc.  supports  the  OpenSSH  product through their Cray Open\n     Software  (COS)  package.  COS  3.3,  available the end of December\n     2002,  is  not vulnerable. If a site is concerned, they can contact\n     their  local  Cray  representive  to  obtain  an  early copy of the\n     OpenSSH contained in COS 3.3. \n\nF-Secure\n\n     F-Secure  SSH products are not exploitable via these attacks. While\n     F-Secure  SSH  versions  3.1.0  build 11 and earlier crash on these\n     malicious  packets,  we  did  not find ways to exploit this to gain\n     unauthorized  access  or  to  run  arbitrary code. Furthermore, the\n     crash  occurs  in a forked process so the denial of service attacks\n     are not possible. \n\nFujitsu\n\n     Fujitsu's  UXP/V  OS  is not vulnerable because it does not support\n     SSH. \n\nIBM\n\n     IBM's  AIX  is  not  vulnerabible  to  the issues discussed in CERT\n     Vulnerability Note VU#389665. \n\nlsh\n\n     I've now tried the testsuite with the latest stable release of lsh,\n     lsh-1.4.2. Both the client and the server seem NOT VULNERABLE. \n\nNetScreen Technologies Inc. \n\n     Tested latest versions. Not Vulnerable. \n\nOpenSSH\n\n     From  my testing it seems that the current version of OpenSSH (3.5)\n     is not vulnerable to these problems, and some limited testing shows\n     that no version of OpenSSH is vulnerable. \n\nPragma Systems, Inc. \n\n     December 16, 2002\n\n     Rapid 7 and CERT Coordination Center Vulnerability report VU#389665\n\n     Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a\n     possible  vulnerability  with  Version  2.0  of Pragma SecureShell. \n     Pragma  Systems  tested Pragma SecureShell 2.0 and the upcoming new\n     Version  3.0,  and found that the attacks did cause a memory access\n     protection fault on Microsoft platforms. \n\n     After   research,   Pragma   Systems  corrected  the  problem. \n\n     The  problem  is  corrected  in Pragma SecureShell Version 3.0. Any\n     customers  with concerns regarding this vulnerability report should\n     contact   Pragma   Systems,   Inc   at   support@pragmasys.com  for\n     information  on  obtaining  an upgrade free of charge. Pragma's web\n     site is located at www.pragmasys.com and the company can be reached\n     at 1-512-219-7270. \n\nPuTTY\n\n     PuTTY 0.53b addresses vulnerabilities discovered by SSHredder. \n\n\nAppendix B. References\n\n     * CERT/CC Vulnerability Note: VU#389665 -\n       http://www.kb.cert.org/vuls/id/389665\n     * Rapid 7 Advisory: R7-0009 -\n       http://www.rapid7.com/advisories/R7-0009.txt\n     * Rapid 7 SSHredder test suite -\n       http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666\n     * IETF     Draft:     SSH     Transport     Layer     Protocol     -\n       http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. \n       txt\n     * IETF Draft: SSH Protocol Architecture -\n       http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-\n       13.txt\n     * Privilege Separated OpenSSH -\n       http://www.citi.umich.edu/u/provos/ssh/privsep.html\n\n     _________________________________________________________________\n\n   The  CERT  Coordination  Center  thanks  Rapid7  for  researching  and\n   reporting these vulnerabilities. \n     _________________________________________________________________\n\n   Author: Art Manion. \n   ______________________________________________________________________\n\n   This document is available from:\n   http://www.cert.org/advisories/CA-2002-36.html\n   ______________________________________________________________________\n\n\nCERT/CC Contact Information\n\n   Email: cert@cert.org\n          Phone: +1 412-268-7090 (24-hour hotline)\n          Fax: +1 412-268-6989\n          Postal address:\n          CERT Coordination Center\n          Software Engineering Institute\n          Carnegie Mellon University\n          Pittsburgh PA 15213-3890\n          U.S.A. \n\n   CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /\n   EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies\n   during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n   We  strongly  urge you to encrypt sensitive information sent by email. \n   Our public PGP key is available from\n   http://www.cert.org/CERT_PGP.key\n\n   If  you  prefer  to  use  DES,  please  call the CERT hotline for more\n   information. \n\nGetting security information\n\n   CERT  publications  and  other security information are available from\n   our web site\n   http://www.cert.org/\n\n   To  subscribe  to  the CERT mailing list for advisories and bulletins,\n   send  email  to majordomo@cert.org. Please include in the body of your\n   message\n\n   subscribe cert-advisory\n\n   *  \"CERT\"  and  \"CERT  Coordination Center\" are registered in the U.S. \n   Patent and Trademark Office. \n   ______________________________________________________________________\n\n   NO WARRANTY\n   Any  material furnished by Carnegie Mellon University and the Software\n   Engineering  Institute  is  furnished  on  an  \"as is\" basis. Carnegie\n   Mellon University makes no warranties of any kind, either expressed or\n   implied  as  to  any matter including, but not limited to, warranty of\n   fitness  for  a  particular purpose or merchantability, exclusivity or\n   results  obtained from use of the material. Carnegie Mellon University\n   does  not  make  any warranty of any kind with respect to freedom from\n   patent, trademark, or copyright infringement. \n     _________________________________________________________________\n\n   Conditions for use, disclaimers, and sponsorship information\n\n   Copyright 2002 Carnegie Mellon University. \n\n   Revision History\n\n   December 16, 2002: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/\nPlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd\nyIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3\nxazIo8XEipc=\n=Nj+0\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2002-1357",
         },
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000322",
         },
         {
            db: "BID",
            id: "6405",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "VULHUB",
            id: "VHN-5742",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1357",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
      ],
      trust: 3.15,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "CERT/CC",
            id: "VU#389665",
            trust: 3.5,
         },
         {
            db: "BID",
            id: "6405",
            trust: 2.9,
         },
         {
            db: "NVD",
            id: "CVE-2002-1357",
            trust: 2.9,
         },
         {
            db: "SECTRACK",
            id: "1005813",
            trust: 1.7,
         },
         {
            db: "SECTRACK",
            id: "1005812",
            trust: 1.7,
         },
         {
            db: "BID",
            id: "6397",
            trust: 1.1,
         },
         {
            db: "BID",
            id: "6410",
            trust: 0.8,
         },
         {
            db: "BID",
            id: "6407",
            trust: 0.8,
         },
         {
            db: "BID",
            id: "6408",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000322",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-040",
            trust: 0.7,
         },
         {
            db: "CERT/CC",
            id: "CA-2002-36",
            trust: 0.6,
         },
         {
            db: "OVAL",
            id: "OVAL:ORG.MITRE.OVAL:DEF:5849",
            trust: 0.6,
         },
         {
            db: "VULNWATCH",
            id: "20021216 R7-0009: VULNERABILITIES IN SSH2 IMPLEMENTATIONS FROM MULTIPLE VENDORS",
            trust: 0.6,
         },
         {
            db: "XF",
            id: "10868",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-5742",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2002-1357",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "30625",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5742",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1357",
         },
         {
            db: "BID",
            id: "6405",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000322",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1357",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-040",
         },
      ],
   },
   id: "VAR-200212-0624",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-5742",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:13:57.960000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "ssh-packet-suite-vuln",
            trust: 0.8,
            url: "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml",
         },
         {
            title: "2003120403",
            trust: 0.8,
            url: "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120403.shtml",
         },
         {
            title: "303",
            trust: 0.8,
            url: "http://www.ssh.com/company/newsroom/article/303/",
         },
         {
            title: "ssh-packet-suite-vuln",
            trust: 0.8,
            url: "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/ssh-packet-suite-vuln-j.shtml",
         },
         {
            title: "Cisco: SSH Malformed Packet Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20021219-ssh-packet",
         },
         {
            title: "PuTTy-",
            trust: 0.1,
            url: "https://github.com/pbr94/putty- ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2002-1357",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000322",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-119",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-5742",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000322",
         },
         {
            db: "NVD",
            id: "CVE-2002-1357",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.3,
            url: "http://www.cert.org/advisories/ca-2002-36.html",
         },
         {
            trust: 2.8,
            url: "http://www.kb.cert.org/vuls/id/389665",
         },
         {
            trust: 2.6,
            url: "http://www.securityfocus.com/bid/6405",
         },
         {
            trust: 1.8,
            url: "http://securitytracker.com/id?1005812",
         },
         {
            trust: 1.8,
            url: "http://securitytracker.com/id?1005813",
         },
         {
            trust: 1.8,
            url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
         },
         {
            trust: 1.2,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5849",
         },
         {
            trust: 1.2,
            url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/10868",
         },
         {
            trust: 0.9,
            url: "http://www.rapid7.com/advisories/r7-0009.txt",
         },
         {
            trust: 0.9,
            url: "http://www.rapid7.com/perl/downloadrequest.pl?packagechoice=666",
         },
         {
            trust: 0.9,
            url: "http://www.citi.umich.edu/u/provos/ssh/privsep.html",
         },
         {
            trust: 0.8,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt",
         },
         {
            trust: 0.8,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt",
         },
         {
            trust: 0.8,
            url: "http://www.ciac.org/ciac/bulletins/n-028.shtml",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1357",
         },
         {
            trust: 0.8,
            url: "http://www.jpcert.or.jp/wr/2002/wr025001.txt",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnca-2002-36",
         },
         {
            trust: 0.8,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1357",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6407",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6408",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6397",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6410",
         },
         {
            trust: 0.6,
            url: "http://www.f-secure.com/",
         },
         {
            trust: 0.6,
            url: "http://www.ssh.com",
         },
         {
            trust: 0.6,
            url: "http://xforce.iss.net/xforce/xfdb/10868",
         },
         {
            trust: 0.6,
            url: "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5849",
         },
         {
            trust: 0.3,
            url: "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml",
         },
         {
            trust: 0.3,
            url: "/archive/1/305241",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/119.html",
         },
         {
            trust: 0.1,
            url: "https://www.rapid7.com/db/vulnerabilities/cisco-sshredder-dos",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://github.com/pbr94/putty-",
         },
         {
            trust: 0.1,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.",
         },
         {
            trust: 0.1,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-",
         },
         {
            trust: 0.1,
            url: "http://www.cert.org/",
         },
         {
            trust: 0.1,
            url: "http://www.cert.org/cert_pgp.key",
         },
         {
            trust: 0.1,
            url: "https://www.pragmasys.com",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5742",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1357",
         },
         {
            db: "BID",
            id: "6405",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000322",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1357",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-040",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5742",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1357",
         },
         {
            db: "BID",
            id: "6405",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000322",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1357",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-040",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2002-12-16T00:00:00",
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            date: "2002-12-23T00:00:00",
            db: "VULHUB",
            id: "VHN-5742",
         },
         {
            date: "2002-12-23T00:00:00",
            db: "VULMON",
            id: "CVE-2002-1357",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6405",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6397",
         },
         {
            date: "2007-04-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2002-000322",
         },
         {
            date: "2002-12-21T10:23:09",
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            date: "2002-12-23T05:00:00",
            db: "NVD",
            id: "CVE-2002-1357",
         },
         {
            date: "2002-12-23T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200212-040",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2003-06-18T00:00:00",
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            date: "2017-10-11T00:00:00",
            db: "VULHUB",
            id: "VHN-5742",
         },
         {
            date: "2017-10-11T00:00:00",
            db: "VULMON",
            id: "CVE-2002-1357",
         },
         {
            date: "2006-05-16T22:04:00",
            db: "BID",
            id: "6405",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6397",
         },
         {
            date: "2007-04-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2002-000322",
         },
         {
            date: "2017-10-11T01:29:03.620000",
            db: "NVD",
            id: "CVE-2002-1357",
         },
         {
            date: "2009-03-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200212-040",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-040",
         },
      ],
      trust: 0.7,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vendors' SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization",
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Unknown",
      sources: [
         {
            db: "BID",
            id: "6405",
         },
         {
            db: "BID",
            id: "6397",
         },
      ],
      trust: 0.6,
   },
}

var-200212-0627
Vulnerability from variot

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization. Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. ) By sending SSH Cause a server or client to go out of service, and SSH It is possible to execute arbitrary code with the execution authority of the server or client. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the “Overview” for the impact of this vulnerability. Multiple vendor SSH2 implementations are reported to be prone to issues related to the handling of null characters in strings. These issues may be used to cause unpredictable behavior to occur, such as a denial of service or memory corruption. It is reportedly possible to trigger these conditions prior to authentication. These conditions were discovered during tests of the initialization, key exchange, and negotiation phases (KEX, KEXINIT) of a SSH2 transaction between client and server. These issues are known to affect various client and server implementations of the protocol. Further details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397.

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations

Original issue date: December 16, 2002 Last revised: -- Source: CERT/CC

A complete revision history is at the end of this file.

I. It provides strong encryption, cryptographic host authentication, and integrity protection.... These vulnerabilities include buffer overflows, and they occur before any user authentication takes place. SSHredder was primarily designed to test key exchange and other processes that are specific to version 2 of the SSH protocol; however, certain classes of tests are also applicable to version 1.

Rapid7 has published a detailed advisory (R7-0009) and the SSHredder test suite.

Common Vulnerabilities and Exposures (CVE) has assigned the following candidate numbers for several classes of tests performed by SSHredder:

 * CAN-2002-1357 - incorrect field lengths
 * CAN-2002-1358 - lists with empty elements or multiple separators
 * CAN-2002-1359 - "classic" buffer overflows
 * CAN-2002-1360 - null characters in strings

II. On Microsoft Windows systems, SSH servers commonly run with SYSTEM privileges, and on UNIX systems, SSH daemons typically run with root privileges.

III. Solution

Apply a patch or upgrade

Apply the appropriate patch or upgrade as specified by your vendor. See Appendix A below and the Systems Affected section of VU#389665 for specific information.

Restrict access

Limit access to SSH servers to trusted hosts and networks using firewalls or other packet-filtering systems. Some SSH servers may have the ability to restrict access based on IP addresses, or similar effects may be achieved by using TCP wrappers or other related technology.

SSH clients can reduce the risk of attacks by only connecting to trusted servers by IP address.

While these workarounds will not prevent exploitation of these vulnerabilities, they will make attacks somewhat more difficult, in part by limiting the number of potential sources of attacks.

Appendix A. Vendor Information

This appendix contains information provided by vendors. When vendors report new information, this section is updated and the changes are noted in the revision history. If a vendor is not listed below, we have not received their comments. The Systems Affected section of VU#389665 contains additional vendor status information.

Cisco Systems, Inc.

 The   official   statement  regarding  this  is  that  we  are  not
 vulnerable.

Cray Inc.

 Cray  Inc.  supports  the  OpenSSH  product through their Cray Open
 Software  (COS)  package.  COS  3.3,  available the end of December
 2002,  is  not vulnerable. If a site is concerned, they can contact
 their  local  Cray  representive  to  obtain  an  early copy of the
 OpenSSH contained in COS 3.3.

F-Secure

 F-Secure  SSH products are not exploitable via these attacks. While
 F-Secure  SSH  versions  3.1.0  build 11 and earlier crash on these
 malicious  packets,  we  did  not find ways to exploit this to gain
 unauthorized  access  or  to  run  arbitrary code. Furthermore, the
 crash  occurs  in a forked process so the denial of service attacks
 are not possible.

Fujitsu

 Fujitsu's  UXP/V  OS  is not vulnerable because it does not support
 SSH.

IBM

 IBM's  AIX  is  not  vulnerabible  to  the issues discussed in CERT
 Vulnerability Note VU#389665.

lsh

 I've now tried the testsuite with the latest stable release of lsh,
 lsh-1.4.2. Both the client and the server seem NOT VULNERABLE.

NetScreen Technologies Inc.

 Tested latest versions. Not Vulnerable.

OpenSSH

 From  my testing it seems that the current version of OpenSSH (3.5)
 is not vulnerable to these problems, and some limited testing shows
 that no version of OpenSSH is vulnerable.

Pragma Systems, Inc.

 December 16, 2002

 Rapid 7 and CERT Coordination Center Vulnerability report VU#389665

 Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a
 possible  vulnerability  with  Version  2.0  of Pragma SecureShell. 
 Pragma  Systems  tested Pragma SecureShell 2.0 and the upcoming new
 Version  3.0,  and found that the attacks did cause a memory access
 protection fault on Microsoft platforms.

 After   research,   Pragma   Systems  corrected  the  problem.

 The  problem  is  corrected  in Pragma SecureShell Version 3.0. Any
 customers  with concerns regarding this vulnerability report should
 contact   Pragma   Systems,   Inc   at   support@pragmasys.com  for
 information  on  obtaining  an upgrade free of charge. Pragma's web
 site is located at www.pragmasys.com and the company can be reached
 at 1-512-219-7270.

PuTTY

 PuTTY 0.53b addresses vulnerabilities discovered by SSHredder.

Appendix B. References

 * CERT/CC Vulnerability Note: VU#389665 -
   http://www.kb.cert.org/vuls/id/389665
 * Rapid 7 Advisory: R7-0009 -
   http://www.rapid7.com/advisories/R7-0009.txt
 * Rapid 7 SSHredder test suite -
   http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666
 * IETF     Draft:     SSH     Transport     Layer     Protocol     -
   http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. 
   txt
 * IETF Draft: SSH Protocol Architecture -
   http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-
   13.txt
 * Privilege Separated OpenSSH -
   http://www.citi.umich.edu/u/provos/ssh/privsep.html

 _________________________________________________________________

The CERT Coordination Center thanks Rapid7 for researching and reporting these vulnerabilities. ___________

Author: Art Manion.

This document is available from: http://www.cert.org/advisories/CA-2002-36.html

CERT/CC Contact Information

Email: cert@cert.org Phone: +1 412-268-7090 (24-hour hotline) Fax: +1 412-268-6989 Postal address: CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site http://www.cert.org/

To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message

subscribe cert-advisory

  • "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.

NO WARRANTY Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. ___________

Conditions for use, disclaimers, and sponsorship information

Copyright 2002 Carnegie Mellon University.

Revision History

December 16, 2002: Initial release

-----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8

iQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/ PlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd yIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3 xazIo8XEipc= =Nj+0 -----END PGP SIGNATURE-----

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200212-0627",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "ios",
            scope: "eq",
            trust: 2.8,
            vendor: "cisco",
            version: "12.2",
         },
         {
            model: "securenetterm",
            scope: "eq",
            trust: 1.7,
            vendor: "intersoft",
            version: "5.4.1",
         },
         {
            model: "shellguard ssh",
            scope: "eq",
            trust: 1.7,
            vendor: "netcomposite",
            version: "3.4.6",
         },
         {
            model: "winscp",
            scope: "eq",
            trust: 1.7,
            vendor: "winscp",
            version: "2.0.0",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.0s",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.0st",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.1e",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.1ea",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.1t",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.2s",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 1.7,
            vendor: "cisco",
            version: "12.2t",
         },
         {
            model: "secureshell",
            scope: "eq",
            trust: 1.1,
            vendor: "pragma",
            version: "2.0",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1.1,
            vendor: "putty",
            version: "0.48",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1.1,
            vendor: "putty",
            version: "0.49",
         },
         {
            model: "putty",
            scope: "eq",
            trust: 1.1,
            vendor: "putty",
            version: "0.53",
         },
         {
            model: "ssh client",
            scope: "eq",
            trust: 1,
            vendor: "fissh",
            version: "1.0a_for_windows",
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "alcatel",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "cisco",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "f secure",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "hewlett packard",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "intersoft",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "juniper",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "nortel",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "pragma",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "putty",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "riverstone",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "ssh security",
            version: null,
         },
         {
            model: null,
            scope: null,
            trust: 0.8,
            vendor: "winscp",
            version: null,
         },
         {
            model: "f-secure ssh",
            scope: "lte",
            trust: 0.8,
            vendor: "f secure",
            version: "3.1.0",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "12.0",
         },
         {
            model: "ios",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "12.1",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.0",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.1",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.2",
         },
         {
            model: "pix firewall",
            scope: "eq",
            trust: 0.8,
            vendor: "cisco",
            version: "6.3",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.53",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.49",
         },
         {
            model: "tatham putty",
            scope: "eq",
            trust: 0.6,
            vendor: "simon",
            version: "0.48",
         },
         {
            model: "systems secureshell",
            scope: "eq",
            trust: 0.6,
            vendor: "pragma",
            version: "2.0",
         },
         {
            model: "ssh client for windows a",
            scope: "eq",
            trust: 0.6,
            vendor: "fissh",
            version: "1.0",
         },
         {
            model: "tatham putty b",
            scope: "ne",
            trust: 0.6,
            vendor: "simon",
            version: "0.53",
         },
         {
            model: "systems secureshell",
            scope: "ne",
            trust: 0.6,
            vendor: "pragma",
            version: "3.0",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.5",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.4",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.4",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.3",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.3",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2.3",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2.2",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.2",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.1",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.1",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.2",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.2",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.1",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0.1",
         },
         {
            model: "p1",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0",
         },
         {
            model: "openssh",
            scope: "ne",
            trust: 0.6,
            vendor: "openssh",
            version: "3.0",
         },
         {
            model: "lsh",
            scope: "ne",
            trust: 0.6,
            vendor: "lsh",
            version: "1.5",
         },
         {
            model: "securenetterm",
            scope: "ne",
            trust: 0.6,
            vendor: "intersoft",
            version: "5.4.2",
         },
         {
            model: "winsshd",
            scope: "ne",
            trust: 0.6,
            vendor: "bitvise",
            version: "3.5",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.3(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.1",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "156001.0",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.6(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.6(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.5",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(3)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(2)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.1(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(2)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(1)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0(0)",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "4.0",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.4",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.3",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.2",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "3.1",
         },
         {
            model: "ons 15454sdh",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "2.3(5)",
         },
         {
            model: "ons 15454e optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.14",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.6(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.6(0)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.5",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(3)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(2)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1(0)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.1",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0(2)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0(1)",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154544.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.4",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.3",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.2.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.1.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154543.0",
         },
         {
            model: "ons optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "154542.3(5)",
         },
         {
            model: "ons ios-based blades",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "15454",
         },
         {
            model: "ons metro edge optical transport platform",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "15327",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.14",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.6(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.6(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(3)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(2)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.1(0)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0(2)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0(1)",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153274.0",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.4",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.3",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.2",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.1",
         },
         {
            model: "ons",
            scope: "eq",
            trust: 0.3,
            vendor: "cisco",
            version: "153273.0",
         },
         {
            model: "ios 12.2t",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.2s",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1t",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1ea",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.1e",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0st",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "ios 12.0s",
            scope: null,
            trust: 0.3,
            vendor: "cisco",
            version: null,
         },
         {
            model: "securecrt",
            scope: "ne",
            trust: 0.3,
            vendor: "vandyke",
            version: "3.4.3",
         },
         {
            model: "vshell",
            scope: "ne",
            trust: 0.3,
            vendor: "van dyke",
            version: "1.2",
         },
         {
            model: "ttssh",
            scope: "ne",
            trust: 0.3,
            vendor: "ttssh",
            version: "1.5.4",
         },
         {
            model: "ssh client",
            scope: "eq",
            trust: 0.1,
            vendor: "fissh",
            version: "1.0a for windows",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1360",
         },
         {
            db: "BID",
            id: "6410",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000325",
         },
         {
            db: "NVD",
            id: "CVE-2002-1360",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-049",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:pragma_systems:secureshell:2.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:fissh:ssh_client:1.0a_for_windows:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:winscp:winscp:2.0.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:intersoft:securenetterm:5.4.1:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                           {
                              cpe23Uri: "cpe:2.3:a:netcomposite:shellguard_ssh:3.4.6:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2002-1360",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Rapid 7 Security Advisories※ advisory@rapid7.com",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200212-049",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2002-1360",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: true,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "HIGH",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Low",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 7.5,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2002-1360",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "High",
                  trust: 0.8,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "VHN-5745",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  severity: "HIGH",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULMON",
                  availabilityImpact: "COMPLETE",
                  baseScore: 10,
                  confidentialityImpact: "COMPLETE",
                  exploitabilityScore: 10,
                  id: "CVE-2002-1360",
                  impactScore: 10,
                  integrityImpact: "COMPLETE",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "HIGH",
                  trust: 0.1,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2002-1360",
                  trust: 1.8,
                  value: "HIGH",
               },
               {
                  author: "CARNEGIE MELLON",
                  id: "VU#389665",
                  trust: 0.8,
                  value: "11.04",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200212-049",
                  trust: 0.6,
                  value: "CRITICAL",
               },
               {
                  author: "VULHUB",
                  id: "VHN-5745",
                  trust: 0.1,
                  value: "HIGH",
               },
               {
                  author: "VULMON",
                  id: "CVE-2002-1360",
                  trust: 0.1,
                  value: "HIGH",
               },
            ],
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5745",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1360",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000325",
         },
         {
            db: "NVD",
            id: "CVE-2002-1360",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-049",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. Secure shell (SSH) transport layer protocol implementations from different vendors contain multiple vulnerabilities in code that handles key exchange and initialization.  Both SSH servers and clients are affected. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ TCP/IP Used by higher layers SSH The transport layer protocol is SSH This is the protocol that forms the basis of the entire protocol. Key exchange, encryption technology to be used, message authentication algorithm, etc. have been agreed, and functions such as encrypted data transfer and server authentication are provided. Provided by many vendors SSH There is a deficiency in the implementation method in products that implement the protocol. Remote attackers are responsible for various malicious packets that are handled during the initial setup, key exchange, and connection phase related to this protocol. ( Packet length padding Packets with unusual lengths, packets with malformed character strings or values inserted, packets for which the algorithm is not properly defined, etc. ) By sending SSH Cause a server or client to go out of service, and SSH It is possible to execute arbitrary code with the execution authority of the server or client. However, the impact of this issue is provided by each vendor SSH It depends on the product. Details are currently unknown, SSH Communications Security Provided by SSH Secure Shell in the case of, SSH It can lead to server child processes or client crashes. Also F-Secure of F-Secure SSH In the case of, SSH If you use both products as a result, it may cause the server child process to crash, SSH The connection between the server and client may be lost. However, the client can connect by trying to reconnect. At this time, SSH Secure Shell and F-Secure SSH of Windows The effect of the edition is unknown. OpenSSH Is not affected by this issue. Cisco IOS In the case of SSH Because the server is disabled, the default setting is not affected by this issue.Please refer to the “Overview” for the impact of this vulnerability. Multiple vendor SSH2 implementations are reported to be prone to issues related to the handling of null characters in strings.  These issues may be used to cause unpredictable behavior to occur, such as a denial of service or memory corruption.  It is reportedly possible to trigger these conditions prior to authentication. \nThese conditions were discovered during tests of the initialization, key exchange, and negotiation phases (KEX, KEXINIT) of a SSH2 transaction between client and server.  These issues are known to affect various client and server implementations of the protocol. \nFurther details about this vulnerability are currently unknown. This BID will be updated as more information becomes available. This vulnerability was originally described in BugTraq ID 6397. \n\n-----BEGIN PGP SIGNED MESSAGE-----\n\n\nCERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations\n\n   Original issue date: December 16, 2002\n   Last revised: --\n   Source: CERT/CC\n\n   A complete revision history is at the end of this file. \n\n\nI. \n     It  provides  strong encryption, cryptographic host authentication,\n     and  integrity  protection.... These vulnerabilities include buffer\n   overflows,  and they occur before any user authentication takes place. \n   SSHredder  was  primarily  designed  to  test  key  exchange and other\n   processes that are specific to version 2 of the SSH protocol; however,\n   certain classes of tests are also applicable to version 1. \n\n   Rapid7  has  published a detailed advisory (R7-0009) and the SSHredder\n   test suite. \n\n   Common  Vulnerabilities and Exposures (CVE) has assigned the following\n   candidate numbers for several classes of tests performed by SSHredder:\n\n     * CAN-2002-1357 - incorrect field lengths\n     * CAN-2002-1358 - lists with empty elements or multiple separators\n     * CAN-2002-1359 - \"classic\" buffer overflows\n     * CAN-2002-1360 - null characters in strings\n\n\nII. On\n   Microsoft  Windows  systems,  SSH  servers  commonly  run  with SYSTEM\n   privileges,  and  on UNIX systems, SSH daemons typically run with root\n   privileges. \n\n\nIII. Solution\n\nApply a patch or upgrade\n\n   Apply  the  appropriate  patch or upgrade as specified by your vendor. \n   See Appendix A below and the Systems Affected section of VU#389665 for\n   specific information. \n\nRestrict access\n\n   Limit  access  to  SSH  servers  to  trusted  hosts and networks using\n   firewalls or other packet-filtering systems. Some SSH servers may have\n   the  ability  to  restrict  access  based  on IP addresses, or similar\n   effects  may  be  achieved  by  using  TCP  wrappers  or other related\n   technology. \n\n   SSH  clients  can  reduce  the  risk  of attacks by only connecting to\n   trusted servers by IP address. \n\n   While  these  workarounds  will  not  prevent  exploitation  of  these\n   vulnerabilities,  they  will  make attacks somewhat more difficult, in\n   part by limiting the number of potential sources of attacks. \n\n\nAppendix A. Vendor Information\n\n   This  appendix  contains information provided by vendors. When vendors\n   report  new  information,  this section is updated and the changes are\n   noted  in  the  revision  history. If a vendor is not listed below, we\n   have  not  received  their  comments.  The Systems Affected section of\n   VU#389665 contains additional vendor status information. \n\nCisco Systems, Inc. \n\n     The   official   statement  regarding  this  is  that  we  are  not\n     vulnerable. \n\nCray Inc. \n\n     Cray  Inc.  supports  the  OpenSSH  product through their Cray Open\n     Software  (COS)  package.  COS  3.3,  available the end of December\n     2002,  is  not vulnerable. If a site is concerned, they can contact\n     their  local  Cray  representive  to  obtain  an  early copy of the\n     OpenSSH contained in COS 3.3. \n\nF-Secure\n\n     F-Secure  SSH products are not exploitable via these attacks. While\n     F-Secure  SSH  versions  3.1.0  build 11 and earlier crash on these\n     malicious  packets,  we  did  not find ways to exploit this to gain\n     unauthorized  access  or  to  run  arbitrary code. Furthermore, the\n     crash  occurs  in a forked process so the denial of service attacks\n     are not possible. \n\nFujitsu\n\n     Fujitsu's  UXP/V  OS  is not vulnerable because it does not support\n     SSH. \n\nIBM\n\n     IBM's  AIX  is  not  vulnerabible  to  the issues discussed in CERT\n     Vulnerability Note VU#389665. \n\nlsh\n\n     I've now tried the testsuite with the latest stable release of lsh,\n     lsh-1.4.2. Both the client and the server seem NOT VULNERABLE. \n\nNetScreen Technologies Inc. \n\n     Tested latest versions. Not Vulnerable. \n\nOpenSSH\n\n     From  my testing it seems that the current version of OpenSSH (3.5)\n     is not vulnerable to these problems, and some limited testing shows\n     that no version of OpenSSH is vulnerable. \n\nPragma Systems, Inc. \n\n     December 16, 2002\n\n     Rapid 7 and CERT Coordination Center Vulnerability report VU#389665\n\n     Pragma Systems Inc. of Austin, Texas, USA, was notified regarding a\n     possible  vulnerability  with  Version  2.0  of Pragma SecureShell. \n     Pragma  Systems  tested Pragma SecureShell 2.0 and the upcoming new\n     Version  3.0,  and found that the attacks did cause a memory access\n     protection fault on Microsoft platforms. \n\n     After   research,   Pragma   Systems  corrected  the  problem. \n\n     The  problem  is  corrected  in Pragma SecureShell Version 3.0. Any\n     customers  with concerns regarding this vulnerability report should\n     contact   Pragma   Systems,   Inc   at   support@pragmasys.com  for\n     information  on  obtaining  an upgrade free of charge. Pragma's web\n     site is located at www.pragmasys.com and the company can be reached\n     at 1-512-219-7270. \n\nPuTTY\n\n     PuTTY 0.53b addresses vulnerabilities discovered by SSHredder. \n\n\nAppendix B. References\n\n     * CERT/CC Vulnerability Note: VU#389665 -\n       http://www.kb.cert.org/vuls/id/389665\n     * Rapid 7 Advisory: R7-0009 -\n       http://www.rapid7.com/advisories/R7-0009.txt\n     * Rapid 7 SSHredder test suite -\n       http://www.rapid7.com/perl/DownloadRequest.pl?PackageChoice=666\n     * IETF     Draft:     SSH     Transport     Layer     Protocol     -\n       http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15. \n       txt\n     * IETF Draft: SSH Protocol Architecture -\n       http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-\n       13.txt\n     * Privilege Separated OpenSSH -\n       http://www.citi.umich.edu/u/provos/ssh/privsep.html\n\n     _________________________________________________________________\n\n   The  CERT  Coordination  Center  thanks  Rapid7  for  researching  and\n   reporting these vulnerabilities. \n     _________________________________________________________________\n\n   Author: Art Manion. \n   ______________________________________________________________________\n\n   This document is available from:\n   http://www.cert.org/advisories/CA-2002-36.html\n   ______________________________________________________________________\n\n\nCERT/CC Contact Information\n\n   Email: cert@cert.org\n          Phone: +1 412-268-7090 (24-hour hotline)\n          Fax: +1 412-268-6989\n          Postal address:\n          CERT Coordination Center\n          Software Engineering Institute\n          Carnegie Mellon University\n          Pittsburgh PA 15213-3890\n          U.S.A. \n\n   CERT/CC   personnel   answer  the  hotline  08:00-17:00  EST(GMT-5)  /\n   EDT(GMT-4)  Monday  through  Friday;  they are on call for emergencies\n   during other hours, on U.S. holidays, and on weekends. \n\nUsing encryption\n\n   We  strongly  urge you to encrypt sensitive information sent by email. \n   Our public PGP key is available from\n   http://www.cert.org/CERT_PGP.key\n\n   If  you  prefer  to  use  DES,  please  call the CERT hotline for more\n   information. \n\nGetting security information\n\n   CERT  publications  and  other security information are available from\n   our web site\n   http://www.cert.org/\n\n   To  subscribe  to  the CERT mailing list for advisories and bulletins,\n   send  email  to majordomo@cert.org. Please include in the body of your\n   message\n\n   subscribe cert-advisory\n\n   *  \"CERT\"  and  \"CERT  Coordination Center\" are registered in the U.S. \n   Patent and Trademark Office. \n   ______________________________________________________________________\n\n   NO WARRANTY\n   Any  material furnished by Carnegie Mellon University and the Software\n   Engineering  Institute  is  furnished  on  an  \"as is\" basis. Carnegie\n   Mellon University makes no warranties of any kind, either expressed or\n   implied  as  to  any matter including, but not limited to, warranty of\n   fitness  for  a  particular purpose or merchantability, exclusivity or\n   results  obtained from use of the material. Carnegie Mellon University\n   does  not  make  any warranty of any kind with respect to freedom from\n   patent, trademark, or copyright infringement. \n     _________________________________________________________________\n\n   Conditions for use, disclaimers, and sponsorship information\n\n   Copyright 2002 Carnegie Mellon University. \n\n   Revision History\n\n   December 16, 2002: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 6.5.8\n\niQCVAwUBPf4qimjtSoHZUTs5AQEGbAQAiJcA+QFf2mOElaPIFwEmSRC83xlKifq/\nPlmaGbUx2UnwTIi8s2ETF8KjlfQjjgO20B4ms1MMaJ/heyxklOgpeBOQ2mpa2Tnd\nyIY7sxpBuRjF1qS6yQ8/OrcsSqVxdxZWkPLAypV11WcJlMmSxxLdKi5t86EsWic3\nxazIo8XEipc=\n=Nj+0\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2002-1360",
         },
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000325",
         },
         {
            db: "BID",
            id: "6410",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "VULHUB",
            id: "VHN-5745",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1360",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
      ],
      trust: 3.15,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2002-1360",
            trust: 2.9,
         },
         {
            db: "CERT/CC",
            id: "VU#389665",
            trust: 1.7,
         },
         {
            db: "SECTRACK",
            id: "1005813",
            trust: 1.7,
         },
         {
            db: "SECTRACK",
            id: "1005812",
            trust: 1.7,
         },
         {
            db: "BID",
            id: "6410",
            trust: 1.2,
         },
         {
            db: "BID",
            id: "6397",
            trust: 1.1,
         },
         {
            db: "BID",
            id: "6407",
            trust: 0.8,
         },
         {
            db: "BID",
            id: "6408",
            trust: 0.8,
         },
         {
            db: "BID",
            id: "6405",
            trust: 0.8,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000325",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-049",
            trust: 0.7,
         },
         {
            db: "OVAL",
            id: "OVAL:ORG.MITRE.OVAL:DEF:5797",
            trust: 0.6,
         },
         {
            db: "CERT/CC",
            id: "CA-2002-36",
            trust: 0.6,
         },
         {
            db: "VULNWATCH",
            id: "20021216 R7-0009: VULNERABILITIES IN SSH2 IMPLEMENTATIONS FROM MULTIPLE VENDORS",
            trust: 0.6,
         },
         {
            db: "VULHUB",
            id: "VHN-5745",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2002-1360",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "30625",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5745",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1360",
         },
         {
            db: "BID",
            id: "6410",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000325",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1360",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-049",
         },
      ],
   },
   id: "VAR-200212-0627",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-5745",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T12:13:58.052000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "ssh-packet-suite-vuln",
            trust: 0.8,
            url: "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml",
         },
         {
            title: "2003120403",
            trust: 0.8,
            url: "http://support.f-secure.com/enu/corporate/supportissue/ssh/comments/comments-issue-2003120403.shtml",
         },
         {
            title: "303",
            trust: 0.8,
            url: "http://www.ssh.com/company/newsroom/article/303/",
         },
         {
            title: "ssh-packet-suite-vuln",
            trust: 0.8,
            url: "http://www.cisco.com/japanese/warp/public/3/jp/service/tac/707/ssh-packet-suite-vuln-j.shtml",
         },
         {
            title: "Cisco: SSH Malformed Packet Vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20021219-ssh-packet",
         },
         {
            title: "PuTTY",
            trust: 0.1,
            url: "https://github.com/kaleshashi/putty ",
         },
         {
            title: "PuTTy-",
            trust: 0.1,
            url: "https://github.com/pbr94/putty- ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2002-1360",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000325",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-20",
            trust: 1.9,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-5745",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000325",
         },
         {
            db: "NVD",
            id: "CVE-2002-1360",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 3.3,
            url: "http://www.cert.org/advisories/ca-2002-36.html",
         },
         {
            trust: 1.8,
            url: "http://securitytracker.com/id?1005812",
         },
         {
            trust: 1.8,
            url: "http://securitytracker.com/id?1005813",
         },
         {
            trust: 1.8,
            url: "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html",
         },
         {
            trust: 1.2,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5797",
         },
         {
            trust: 0.9,
            url: "http://www.rapid7.com/advisories/r7-0009.txt",
         },
         {
            trust: 0.9,
            url: "http://www.rapid7.com/perl/downloadrequest.pl?packagechoice=666",
         },
         {
            trust: 0.9,
            url: "http://www.citi.umich.edu/u/provos/ssh/privsep.html",
         },
         {
            trust: 0.9,
            url: "http://www.kb.cert.org/vuls/id/389665",
         },
         {
            trust: 0.8,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.txt",
         },
         {
            trust: 0.8,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-13.txt",
         },
         {
            trust: 0.8,
            url: "http://www.ciac.org/ciac/bulletins/n-028.shtml",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-1360",
         },
         {
            trust: 0.8,
            url: "http://www.jpcert.or.jp/wr/2002/wr025001.txt",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnca-2002-36",
         },
         {
            trust: 0.8,
            url: "http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-1360",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6410",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6407",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6405",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6408",
         },
         {
            trust: 0.8,
            url: "http://www.securityfocus.com/bid/6397",
         },
         {
            trust: 0.6,
            url: "http://www.f-secure.com/",
         },
         {
            trust: 0.6,
            url: "http://www.ssh.com",
         },
         {
            trust: 0.6,
            url: "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:5797",
         },
         {
            trust: 0.3,
            url: "http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml",
         },
         {
            trust: 0.3,
            url: "/archive/1/305241",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/20.html",
         },
         {
            trust: 0.1,
            url: "https://www.rapid7.com/db/vulnerabilities/cisco-sshredder-dos",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://github.com/kaleshashi/putty",
         },
         {
            trust: 0.1,
            url: "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20021219-ssh-packet",
         },
         {
            trust: 0.1,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-15.",
         },
         {
            trust: 0.1,
            url: "http://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-",
         },
         {
            trust: 0.1,
            url: "http://www.cert.org/",
         },
         {
            trust: 0.1,
            url: "http://www.cert.org/cert_pgp.key",
         },
         {
            trust: 0.1,
            url: "https://www.pragmasys.com",
         },
      ],
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5745",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1360",
         },
         {
            db: "BID",
            id: "6410",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000325",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1360",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-049",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            db: "VULHUB",
            id: "VHN-5745",
         },
         {
            db: "VULMON",
            id: "CVE-2002-1360",
         },
         {
            db: "BID",
            id: "6410",
         },
         {
            db: "BID",
            id: "6397",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2002-000325",
         },
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "NVD",
            id: "CVE-2002-1360",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-049",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2002-12-16T00:00:00",
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            date: "2002-12-23T00:00:00",
            db: "VULHUB",
            id: "VHN-5745",
         },
         {
            date: "2002-12-23T00:00:00",
            db: "VULMON",
            id: "CVE-2002-1360",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6410",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6397",
         },
         {
            date: "2007-04-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2002-000325",
         },
         {
            date: "2002-12-21T10:23:09",
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            date: "2002-12-23T05:00:00",
            db: "NVD",
            id: "CVE-2002-1360",
         },
         {
            date: "2002-12-23T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200212-049",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2003-06-18T00:00:00",
            db: "CERT/CC",
            id: "VU#389665",
         },
         {
            date: "2017-10-11T00:00:00",
            db: "VULHUB",
            id: "VHN-5745",
         },
         {
            date: "2017-10-11T00:00:00",
            db: "VULMON",
            id: "CVE-2002-1360",
         },
         {
            date: "2009-07-11T19:16:00",
            db: "BID",
            id: "6410",
         },
         {
            date: "2002-12-16T00:00:00",
            db: "BID",
            id: "6397",
         },
         {
            date: "2007-04-01T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2002-000325",
         },
         {
            date: "2017-10-11T01:29:03.807000",
            db: "NVD",
            id: "CVE-2002-1360",
         },
         {
            date: "2009-03-04T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200212-049",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "30625",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200212-049",
         },
      ],
      trust: 0.7,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Multiple vendors' SSH transport layer protocol implementations contain vulnerabilities in key exchange and initialization",
      sources: [
         {
            db: "CERT/CC",
            id: "VU#389665",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "input validation",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200212-049",
         },
      ],
      trust: 0.6,
   },
}

var-201901-0011
Vulnerability from variot

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. OpenSSH Contains an access control vulnerability.Information may be obtained and information may be altered. OpenSSH is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. OpenSSH 7.9 version is vulnerable; other versions may also be affected. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSH: Multiple vulnerabilities Date: March 20, 2019 Bugs: #675520, #675522 ID: 201903-16

Synopsis

Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSH users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.9_p1-r4"

References

[ 1 ] CVE-2018-20685 https://nvd.nist.gov/vuln/detail/CVE-2018-20685 [ 2 ] CVE-2019-6109 https://nvd.nist.gov/vuln/detail/CVE-2019-6109 [ 3 ] CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 [ 4 ] CVE-2019-6111 https://nvd.nist.gov/vuln/detail/CVE-2019-6111

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201903-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . scp client multiple vulnerabilities =================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt

Overview

SCP clients from multiple vendors are susceptible to a malicious scp server performing unauthorized changes to target directory and/or client output manipulation.

Description

Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output.

Impact

Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output.

Details

The discovered vulnerabilities, described in more detail below, enables the attack described here in brief.

  1. The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases file to victim's home directory when the victim performs scp operation from the server. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example:

    user@local:~$ scp user@remote:readme.txt . readme.txt 100% 494 1.6KB/s 00:00 user@local:~$

  2. Once the victim launches a new shell, the malicious commands in .bash_aliases get executed.

*) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint.

Vulnerabilities

  1. CWE-20: scp client improper directory name validation [CVE-2018-20685]

The scp client allows server to modify permissions of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0 .\n") directory name.

  1. CWE-20: scp client missing received object name validation [CVE-2019-6111]

Due to the scp implementation being derived from 1983 rcp [1], the server chooses which files/directories are sent to the client. However, scp client only perform cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example overwrite .ssh/authorized_keys).

The same vulnerability in WinSCP is known as CVE-2018-20684.

Proof-of-Concept

Proof of concept malicious scp server will be released at a later date.

Vulnerable versions

The following software packages have some or all vulnerabilities:

                ver      #1  #2  #3  #4

OpenSSH scp <=7.9 x x x x PuTTY PSCP ? - - x x WinSCP scp mode <=5.13 - x - -

Tectia SSH scpg3 is not affected since it exclusively uses sftp protocol.

Mitigation

  1. OpenSSH

1.1 Switch to sftp if possible

1.2 Alternatively apply the following patch to harden scp against most server-side manipulation attempts: https://sintonen.fi/advisories/scp-name-validator.patch

 NOTE: This patch may cause problems if the the remote and local shells don't
 agree on the way glob() pattern matching works. YMMV.
  1. PuTTY

2.1 No fix is available yet

  1. WinSCP

3.1. Upgrade to WinSCP 5.14 or later

Similar or prior work

  1. CVE-2000-0992 - scp overwrites arbitrary files

References

  1. https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access

Credits

The vulnerability was discovered by Harry Sintonen / F-Secure Corporation.

Timeline

2018.08.08 initial discovery of vulnerabilities #1 and #2 2018.08.09 reported vulnerabilities #1 and #2 to OpenSSH 2018.08.10 OpenSSH acknowledged the vulnerabilities 2018.08.14 discovered & reported vulnerability #3 to OpenSSH 2018.08.15 discovered & reported vulnerability #4 to OpenSSH 2018.08.30 reported PSCP vulnerabilities (#3 and #4) to PuTTY developers 2018.08.31 reported WinSCP vulnerability (#2) to WinSCP developers 2018.09.04 WinSCP developers reported the vulnerability #2 fixed 2018.11.12 requested a status update from OpenSSH 2018.11.16 OpenSSH fixed vulnerability #1 2019.01.07 requested a status update from OpenSSH 2019.01.08 requested CVE assignments from MITRE 2019.01.10 received CVE assignments from MITRE 2019.01.11 public disclosure of the advisory 2019.01.14 added a warning about the potential issues caused by the patch

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0011",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "openssh",
            scope: "lte",
            trust: 1,
            vendor: "openbsd",
            version: "7.9",
         },
         {
            model: "scalance x204rna",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "3.2.7",
         },
         {
            model: "ontap select deploy",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "winscp",
            scope: "lte",
            trust: 1,
            vendor: "winscp",
            version: "5.13",
         },
         {
            model: "storage automation store",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "element software",
            scope: "eq",
            trust: 1,
            vendor: "netapp",
            version: null,
         },
         {
            model: "scalance x204rna eec",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "3.2.7",
         },
         {
            model: "element software",
            scope: null,
            trust: 0.8,
            vendor: "netapp",
            version: null,
         },
         {
            model: "ontap select deploy administration utility",
            scope: null,
            trust: 0.8,
            vendor: "netapp",
            version: null,
         },
         {
            model: "storage automation store",
            scope: null,
            trust: 0.8,
            vendor: "netapp",
            version: null,
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.8,
            vendor: "openbsd",
            version: "7.9",
         },
         {
            model: "winscp",
            scope: null,
            trust: 0.8,
            vendor: "winscp",
            version: null,
         },
         {
            model: "linux enterprise server 12-sp2",
            scope: null,
            trust: 0.3,
            vendor: "suse",
            version: null,
         },
         {
            model: "linux enterprise server 12-sp1",
            scope: null,
            trust: 0.3,
            vendor: "suse",
            version: null,
         },
         {
            model: "linux enterprise server sp3",
            scope: "eq",
            trust: 0.3,
            vendor: "suse",
            version: "12",
         },
         {
            model: "linux enterprise server ga",
            scope: "eq",
            trust: 0.3,
            vendor: "suse",
            version: "12",
         },
         {
            model: "linux enterprise server sp4",
            scope: "eq",
            trust: 0.3,
            vendor: "suse",
            version: "11",
         },
         {
            model: "linux enterprise server sp3 ltss",
            scope: "eq",
            trust: 0.3,
            vendor: "suse",
            version: "11",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "7",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "6",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "5",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "7.9",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "5.1",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "5.0",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.4",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "106836",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001595",
         },
         {
            db: "NVD",
            id: "CVE-2019-6110",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "7.9",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "5.13",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "3.2.7",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "3.2.7",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-6110",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Harry Sintonen,Gentoo",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201901-468",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2019-6110",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "HIGH",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 4,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 4.9,
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: true,
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "High",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 4,
                  confidentialityImpact: "Partial",
                  exploitabilityScore: null,
                  id: "CVE-2019-6110",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 6.8,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  exploitabilityScore: 1.6,
                  impactScore: 5.2,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 6.8,
                  baseSeverity: "Medium",
                  confidentialityImpact: "High",
                  exploitabilityScore: null,
                  id: "CVE-2019-6110",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "Required",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2019-6110",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201901-468",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2019-6110",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6110",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001595",
         },
         {
            db: "NVD",
            id: "CVE-2019-6110",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-468",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. OpenSSH Contains an access control vulnerability.Information may be obtained and information may be altered. OpenSSH is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \nOpenSSH 7.9 version is  vulnerable; other versions may also be affected. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201903-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSH: Multiple vulnerabilities\n     Date: March 20, 2019\n     Bugs: #675520, #675522\n       ID: 201903-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSH, the worst of which\ncould allow a remote attacker to gain unauthorized access. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSH users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=net-misc/openssh-7.9_p1-r4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-20685\n      https://nvd.nist.gov/vuln/detail/CVE-2018-20685\n[ 2 ] CVE-2019-6109\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6109\n[ 3 ] CVE-2019-6110\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6110\n[ 4 ] CVE-2019-6111\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6111\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. scp client multiple vulnerabilities\n===================================\nThe latest version of this advisory is available at:\nhttps://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt\n\n\nOverview\n--------\n\nSCP clients from multiple vendors are susceptible to a malicious scp server performing\nunauthorized changes to target directory and/or client output manipulation. \n\n\nDescription\n-----------\n\nMany scp clients fail to verify if the objects returned by the scp server match those\nit asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate\nflaw in the client allows the target directory attributes to be changed arbitrarily. \nFinally, two vulnerabilities in clients may allow server to spoof the client output. \n\n\nImpact\n------\n\nMalicious scp server can write arbitrary files to scp target directory, change the\ntarget directory permissions and to spoof the client output. \n\n\nDetails\n-------\n\nThe discovered vulnerabilities, described in more detail below, enables the attack\ndescribed here in brief. \n\n1. The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases\n    file to victim's home directory when the victim performs scp operation from the\n    server. The transfer of extra files is hidden by sending ANSI control sequences\n    via stderr. For example:\n\n    user@local:~$ scp user@remote:readme.txt . \n    readme.txt                                         100%  494     1.6KB/s   00:00\n    user@local:~$\n\n2. Once the victim launches a new shell, the malicious commands in .bash_aliases get\n    executed. \n\n\n*) Man-in-the-Middle attack does require the victim to accept the wrong host\n    fingerprint. \n\n\nVulnerabilities\n---------------\n\n1. CWE-20: scp client improper directory name validation [CVE-2018-20685]\n\nThe scp client allows server to modify permissions of the target directory by using empty\n(\"D0777 0 \\n\") or dot (\"D0777 0 .\\n\") directory name. \n\n\n2. CWE-20: scp client missing received object name validation [CVE-2019-6111]\n\nDue to the scp implementation being derived from 1983 rcp [1], the server chooses which\nfiles/directories are sent to the client. However, scp client only perform cursory\nvalidation of the object name returned (only directory traversal attacks are prevented). \nA malicious scp server can overwrite arbitrary files in the scp client target directory. \nIf recursive operation (-r) is performed, the server can manipulate subdirectories\nas well (for example overwrite .ssh/authorized_keys). \n\nThe same vulnerability in WinSCP is known as CVE-2018-20684. \n\n\n3. \n\n\n4. \n\n\nProof-of-Concept\n----------------\n\nProof of concept malicious scp server will be released at a later date. \n\n\nVulnerable versions\n-------------------\n\nThe following software packages have some or all vulnerabilities:\n\n                    ver      #1  #2  #3  #4\nOpenSSH scp        <=7.9    x   x   x   x\nPuTTY PSCP         ?        -   -   x   x\nWinSCP scp mode    <=5.13   -   x   -   -\n\nTectia SSH scpg3 is not affected since it exclusively uses sftp protocol. \n\n\nMitigation\n----------\n\n1. OpenSSH\n\n1.1 Switch to sftp if possible\n\n1.2 Alternatively apply the following patch to harden scp against most server-side\n     manipulation attempts: https://sintonen.fi/advisories/scp-name-validator.patch\n\n     NOTE: This patch may cause problems if the the remote and local shells don't\n     agree on the way glob() pattern matching works. YMMV. \n\n2. PuTTY\n\n2.1 No fix is available yet\n\n3. WinSCP\n\n3.1. Upgrade to WinSCP 5.14 or later\n\n\n\nSimilar or prior work\n---------------------\n\n1. CVE-2000-0992 - scp overwrites arbitrary files\n\n\nReferences\n----------\n\n1. https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access\n\n\nCredits\n-------\n\nThe vulnerability was discovered by Harry Sintonen / F-Secure Corporation. \n\n\nTimeline\n--------\n\n2018.08.08  initial discovery of vulnerabilities #1 and #2\n2018.08.09  reported vulnerabilities #1 and #2 to OpenSSH\n2018.08.10  OpenSSH acknowledged the vulnerabilities\n2018.08.14  discovered & reported vulnerability #3 to OpenSSH\n2018.08.15  discovered & reported vulnerability #4 to OpenSSH\n2018.08.30  reported PSCP vulnerabilities (#3 and #4) to PuTTY developers\n2018.08.31  reported WinSCP vulnerability (#2) to WinSCP developers\n2018.09.04  WinSCP developers reported the vulnerability #2 fixed\n2018.11.12  requested a status update from OpenSSH\n2018.11.16  OpenSSH fixed vulnerability #1\n2019.01.07  requested a status update from OpenSSH\n2019.01.08  requested CVE assignments from MITRE\n2019.01.10  received CVE assignments from MITRE\n2019.01.11  public disclosure of the advisory\n2019.01.14  added a warning about the potential issues caused by the patch\n\n\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-6110",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001595",
         },
         {
            db: "BID",
            id: "106836",
         },
         {
            db: "VULMON",
            id: "CVE-2019-6110",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
      ],
      trust: 2.16,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=46193",
            trust: 0.2,
            type: "exploit",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6110",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2019-6110",
            trust: 3,
         },
         {
            db: "EXPLOIT-DB",
            id: "46193",
            trust: 1.7,
         },
         {
            db: "SIEMENS",
            id: "SSA-412672",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001595",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "152154",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.1633",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.0346.3",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.0346.2",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.2671",
            trust: 0.6,
         },
         {
            db: "EXPLOIT-DB",
            id: "46516",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-468",
            trust: 0.6,
         },
         {
            db: "BID",
            id: "106836",
            trust: 0.3,
         },
         {
            db: "ICS CERT",
            id: "ICSA-22-349-21",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2019-6110",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "151175",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6110",
         },
         {
            db: "BID",
            id: "106836",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001595",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "NVD",
            id: "CVE-2019-6110",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-468",
         },
      ],
   },
   id: "VAR-201901-0011",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.6178670799999999,
   },
   last_update_date: "2023-12-18T11:24:38.696000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "NTAP-20190213-0001",
            trust: 0.8,
            url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
         },
         {
            title: "CVS log for src/usr.bin/ssh/progressmeter.c",
            trust: 0.8,
            url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
         },
         {
            title: "CVS log for src/usr.bin/ssh/scp.c",
            trust: 0.8,
            url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
         },
         {
            title: "Top Page",
            trust: 0.8,
            url: "https://winscp.net/eng/index.php",
         },
         {
            title: "OpenSSH Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=88612",
         },
         {
            title: "The Register",
            trust: 0.2,
            url: "https://www.theregister.co.uk/2019/01/15/scp_vulnerability/",
         },
         {
            title: "Debian CVElist Bug Report Logs: CVE-2019-6111 not fixed, file transfer of unwanted files by malicious SSH server still possible",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=74b791ca4fdf54c27d2b50ef6845ef8e",
         },
         {
            title: "IBM: IBM Security Bulletin: IBM DataPower Gateway is affected by a message spoofing vulnerability (CVE-2019-6110)",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=2211d00f1dec75d45567fcf2f195085b",
         },
         {
            title: "Debian CVElist Bug Report Logs: openssh: CVE-2018-20685: scp.c in the scp client allows remote SSH servers to bypass intended access restrictions",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=8394bb17731a99ef76b185cbc70acfa3",
         },
         {
            title: "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111) Security Bulletin",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=50a54c2fb43b489f64442dcf4f25bc3b",
         },
         {
            title: "IBM: Security Bulletin: IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=11f5d971f7d860c9a65bb387cd7c4b76",
         },
         {
            title: "Siemens Security Advisories: Siemens Security Advisory",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2019-6110 ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/h4xrox/direct-admin-vulnerability-disclosure ",
         },
         {
            title: "DC-4-Vulnhub-Walkthrough",
            trust: 0.1,
            url: "https://github.com/vshaliii/dc-4-vulnhub-walkthrough ",
         },
         {
            title: "nmap",
            trust: 0.1,
            url: "https://github.com/devairdarolt/nmap ",
         },
         {
            title: "iot-cves",
            trust: 0.1,
            url: "https://github.com/inesmartins31/iot-cves ",
         },
         {
            title: "Funbox2-rookie",
            trust: 0.1,
            url: "https://github.com/vaishali1998/funbox2-rookie ",
         },
         {
            title: "Basic-Pentesting-2-Vulnhub-Walkthrough",
            trust: 0.1,
            url: "https://github.com/vshaliii/basic-pentesting-2-vulnhub-walkthrough ",
         },
         {
            title: "Basic-Pentesting-2",
            trust: 0.1,
            url: "https://github.com/vshaliii/basic-pentesting-2 ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6110",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001595",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-468",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-838",
            trust: 1,
         },
         {
            problemtype: "CWE-284",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-001595",
         },
         {
            db: "NVD",
            id: "CVE-2019-6110",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.1,
            url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/201903-16",
         },
         {
            trust: 1.7,
            url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
         },
         {
            trust: 1.7,
            url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/progressmeter.c",
         },
         {
            trust: 1.7,
            url: "https://www.exploit-db.com/exploits/46193/",
         },
         {
            trust: 1.7,
            url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
         },
         {
            trust: 1.7,
            url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
         },
         {
            trust: 1.6,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6110",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6110",
         },
         {
            trust: 0.6,
            url: "http://www.ibm.com/support/docview.wss?uid=ibm10872060",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/152154/gentoo-linux-security-advisory-201903-16.html",
         },
         {
            trust: 0.6,
            url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10872060",
         },
         {
            trust: 0.6,
            url: "https://www.exploit-db.com/exploits/46516",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/80574",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/support/pages/node/1143460",
         },
         {
            trust: 0.6,
            url: "https://www.ibm.com/support/docview.wss?uid=ibm10960177",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.2671/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.0346.2/",
         },
         {
            trust: 0.6,
            url: "https://www-01.ibm.com/support/docview.wss?uid=ibm10883886",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2019.0346.3/",
         },
         {
            trust: 0.3,
            url: "http://www.openssh.org/",
         },
         {
            trust: 0.3,
            url: "https://support.f5.com/csp/article/k42531048",
         },
         {
            trust: 0.3,
            url: "https://access.redhat.com/security/cve/cve-2019-6110",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6111",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6109",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-20685",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/838.html",
         },
         {
            trust: 0.1,
            url: "https://tools.cisco.com/security/center/viewalert.x?alertid=59543",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://www.exploit-db.com/exploits/46193",
         },
         {
            trust: 0.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21",
         },
         {
            trust: 0.1,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-20684",
         },
         {
            trust: 0.1,
            url: "https://sintonen.fi/advisories/scp-name-validator.patch",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2000-0992",
         },
         {
            trust: 0.1,
            url: "https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6110",
         },
         {
            db: "BID",
            id: "106836",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001595",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "NVD",
            id: "CVE-2019-6110",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-468",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2019-6110",
         },
         {
            db: "BID",
            id: "106836",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001595",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "NVD",
            id: "CVE-2019-6110",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-468",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-01-31T00:00:00",
            db: "VULMON",
            id: "CVE-2019-6110",
         },
         {
            date: "2018-11-16T00:00:00",
            db: "BID",
            id: "106836",
         },
         {
            date: "2019-03-15T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-001595",
         },
         {
            date: "2019-03-20T16:09:02",
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            date: "2019-01-16T15:04:39",
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            date: "2019-01-31T18:29:00.807000",
            db: "NVD",
            id: "CVE-2019-6110",
         },
         {
            date: "2019-01-15T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201901-468",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-02-23T00:00:00",
            db: "VULMON",
            id: "CVE-2019-6110",
         },
         {
            date: "2018-11-16T00:00:00",
            db: "BID",
            id: "106836",
         },
         {
            date: "2019-03-15T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-001595",
         },
         {
            date: "2023-02-23T23:29:26.993000",
            db: "NVD",
            id: "CVE-2019-6110",
         },
         {
            date: "2022-12-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201901-468",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-468",
         },
      ],
      trust: 0.7,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OpenSSH Access control vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-001595",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "access control error",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201901-468",
         },
      ],
      trust: 0.6,
   },
}

var-201901-0012
Vulnerability from variot

An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). OpenSSH Contains an input validation vulnerability.Information may be tampered with. OpenSSH is prone to an arbitrary file-overwrite vulnerability. Successful exploits may allow an attacker to overwrite arbitrary files in the context of the user running the affected application. OpenSSH 7.9 and prior versions are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-16

                                       https://security.gentoo.org/

Severity: Normal Title: OpenSSH: Multiple vulnerabilities Date: March 20, 2019 Bugs: #675520, #675522 ID: 201903-16

Synopsis

Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-misc/openssh < 7.9_p1-r4 >= 7.9_p1-r4

Description

Multiple vulnerabilities have been discovered in OpenSSH. Please review the CVE identifiers referenced below for details.

Workaround

There is no known workaround at this time.

Resolution

All OpenSSH users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.9_p1-r4"

References

[ 1 ] CVE-2018-20685 https://nvd.nist.gov/vuln/detail/CVE-2018-20685 [ 2 ] CVE-2019-6109 https://nvd.nist.gov/vuln/detail/CVE-2019-6109 [ 3 ] CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 [ 4 ] CVE-2019-6111 https://nvd.nist.gov/vuln/detail/CVE-2019-6111

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201903-16

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

===================================================================== Red Hat Security Advisory

Synopsis: Moderate: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2019:3702-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3702 Issue date: 2019-11-05 CVE Names: CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 =====================================================================

  1. Summary:

An update for openssh is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

  1. Description:

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

The following packages have been upgraded to a later upstream version: openssh (8.0p1).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. 1686065 - SSH connections get closed when time-based rekeyring is used and ClientAliveMaxCount=0 1691045 - Rebase OpenSSH to latest release (8.0p1?) 1707485 - Use high-level API to do signatures 1712436 - MD5 is used when writing password protected PEM 1732424 - ssh-keygen -A fails in FIPS mode because of DSA key 1732449 - rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite being in the policy

  1. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

aarch64: openssh-askpass-8.0p1-3.el8.aarch64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debugsource-8.0p1-3.el8.aarch64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm

ppc64le: openssh-askpass-8.0p1-3.el8.ppc64le.rpm openssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debugsource-8.0p1-3.el8.ppc64le.rpm openssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm

s390x: openssh-askpass-8.0p1-3.el8.s390x.rpm openssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm openssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm openssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debugsource-8.0p1-3.el8.s390x.rpm openssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm openssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm openssh-server-debuginfo-8.0p1-3.el8.s390x.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm

x86_64: openssh-askpass-8.0p1-3.el8.x86_64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debugsource-8.0p1-3.el8.x86_64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm

Red Hat Enterprise Linux BaseOS (v. 8):

Source: openssh-8.0p1-3.el8.src.rpm

aarch64: openssh-8.0p1-3.el8.aarch64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-cavs-8.0p1-3.el8.aarch64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-clients-8.0p1-3.el8.aarch64.rpm openssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debugsource-8.0p1-3.el8.aarch64.rpm openssh-keycat-8.0p1-3.el8.aarch64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-ldap-8.0p1-3.el8.aarch64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-server-8.0p1-3.el8.aarch64.rpm openssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.aarch64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm

ppc64le: openssh-8.0p1-3.el8.ppc64le.rpm openssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-cavs-8.0p1-3.el8.ppc64le.rpm openssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-clients-8.0p1-3.el8.ppc64le.rpm openssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debugsource-8.0p1-3.el8.ppc64le.rpm openssh-keycat-8.0p1-3.el8.ppc64le.rpm openssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-ldap-8.0p1-3.el8.ppc64le.rpm openssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-server-8.0p1-3.el8.ppc64le.rpm openssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.ppc64le.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm

s390x: openssh-8.0p1-3.el8.s390x.rpm openssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm openssh-cavs-8.0p1-3.el8.s390x.rpm openssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm openssh-clients-8.0p1-3.el8.s390x.rpm openssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debugsource-8.0p1-3.el8.s390x.rpm openssh-keycat-8.0p1-3.el8.s390x.rpm openssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm openssh-ldap-8.0p1-3.el8.s390x.rpm openssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm openssh-server-8.0p1-3.el8.s390x.rpm openssh-server-debuginfo-8.0p1-3.el8.s390x.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.s390x.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm

x86_64: openssh-8.0p1-3.el8.x86_64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-cavs-8.0p1-3.el8.x86_64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-clients-8.0p1-3.el8.x86_64.rpm openssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debugsource-8.0p1-3.el8.x86_64.rpm openssh-keycat-8.0p1-3.el8.x86_64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-ldap-8.0p1-3.el8.x86_64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-server-8.0p1-3.el8.x86_64.rpm openssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

  1. References:

https://access.redhat.com/security/cve/CVE-2018-20685 https://access.redhat.com/security/cve/CVE-2019-6109 https://access.redhat.com/security/cve/CVE-2019-6111 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQIVAwUBXcHzKNzjgjWX9erEAQiytQ/6Apphov2V0QmnXA+KO3ZZKBPXtgKv8Sv1 dPtXhTC+Keq4yX9/bXlIuyk6BUsMeaiIMlL5bSSKtq2I7rVxwubTcPX4rD+pQvx8 ArNJgn7U2/3xqwc0R8dNXx6o8vB1M6jXDtu8fKJOxW48evDJf6gE4gX2KUM9yxR2 MhCoHVkLp9a5f0T11yFPI11H0P8gXXQgboAkdt82Ui35T4tD8RndVyPCsllN2c/X QCCbvZ9e8OLJJoxsOryLcw8tpQHXK2AJMXWv0Us99kQtbaBULWWahhrg/tftLxtT pILFBaB/RsmGg1O6OkxJ2CuKl6ATC2Wlj/Z7uYPrS7MQDn+fXkH2gfcjb4Z4rqIL IyKbUpsyFEAaV5rJUeRaS7dGfuQldQbS96P8lUpCcOXPbYD8FgTrW2q3NjOKgYMU +gh2xPwmlRm+iYfmedPoR2+bTWNYv8JS+Cp/fZF4IFx2EJPQcxKLYshNKgcfkNkR rIZ4brUI79p84H01TcTh4mFAbR63Y+c36UAI3/fM/W/RkZn/PdoJtpfwg/tjOYZH rt9kL7SfAEhjHNtBuJGNol6e124srS6300hnfFovAr6llDOcYlrh3ZgVZjVrn6E8 TZhyZ84TGMOqykfH7B9XkJH82X+x3rd2m0ovCPq+Ly62BasdXVd0C2snzbx8OAM8 I+am8dhVlyM= =iPw4 -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .

Description

Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output.

Details

The discovered vulnerabilities, described in more detail below, enables the attack described here in brief.

  1. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example:

    user@local:~$ scp user@remote:readme.txt . readme.txt 100% 494 1.6KB/s 00:00 user@local:~$

  2. Once the victim launches a new shell, the malicious commands in .bash_aliases get executed.

*) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint.

Vulnerabilities

The same vulnerability in WinSCP is known as CVE-2018-20684.

  1. CWE-451: scp client spoofing via object name [CVE-2019-6109]

Due to missing character encoding in the progress display, the object name can be used to manipulate the client output, for example to employ ANSI codes to hide additional files being transferred.

Proof-of-Concept

Proof of concept malicious scp server will be released at a later date.

Vulnerable versions

The following software packages have some or all vulnerabilities:

                ver      #1  #2  #3  #4

OpenSSH scp <=7.9 x x x x PuTTY PSCP ? - - x x WinSCP scp mode <=5.13 - x - -

Tectia SSH scpg3 is not affected since it exclusively uses sftp protocol.

Mitigation

  1. OpenSSH

1.1 Switch to sftp if possible

1.2 Alternatively apply the following patch to harden scp against most server-side manipulation attempts: https://sintonen.fi/advisories/scp-name-validator.patch

 NOTE: This patch may cause problems if the the remote and local shells don't
 agree on the way glob() pattern matching works. YMMV.
  1. PuTTY

2.1 No fix is available yet

  1. WinSCP

3.1. Upgrade to WinSCP 5.14 or later

Similar or prior work

  1. https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access

Credits

The vulnerability was discovered by Harry Sintonen / F-Secure Corporation.

Timeline

2018.08.08 initial discovery of vulnerabilities #1 and #2 2018.08.09 reported vulnerabilities #1 and #2 to OpenSSH 2018.08.10 OpenSSH acknowledged the vulnerabilities 2018.08.14 discovered & reported vulnerability #3 to OpenSSH 2018.08.15 discovered & reported vulnerability #4 to OpenSSH 2018.08.30 reported PSCP vulnerabilities (#3 and #4) to PuTTY developers 2018.08.31 reported WinSCP vulnerability (#2) to WinSCP developers 2018.09.04 WinSCP developers reported the vulnerability #2 fixed 2018.11.12 requested a status update from OpenSSH 2018.11.16 OpenSSH fixed vulnerability #1 2019.01.07 requested a status update from OpenSSH 2019.01.08 requested CVE assignments from MITRE 2019.01.10 received CVE assignments from MITRE 2019.01.11 public disclosure of the advisory 2019.01.14 added a warning about the potential issues caused by the patch

. ========================================================================== Ubuntu Security Notice USN-3885-2 March 04, 2019

openssh vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 18.10
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary:

One of the fixes in USN-3885-1 was incomplete.

Software Description: - openssh: secure shell (SSH) for secure access to remote machines

Details:

USN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix for CVE-2019-6111 turned out to be incomplete. This update fixes the problem.

Original advisory details:

Harry Sintonen discovered multiple issues in the OpenSSH scp utility.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.10: openssh-client 1:7.7p1-4ubuntu0.3

Ubuntu 18.04 LTS: openssh-client 1:7.6p1-4ubuntu0.3

Ubuntu 16.04 LTS: openssh-client 1:7.2p2-4ubuntu2.8

Ubuntu 14.04 LTS: openssh-client 1:6.6p1-2ubuntu2.13

In general, a standard system update will make all the necessary changes. All the vulnerabilities are in found in the scp client implementing the SCP protocol. The check added in this version can lead to regression if the client and the server have differences in wildcard expansion rules. If the server is trusted for that purpose, the check can be disabled with a new -T option to the scp client.

For the stable distribution (stretch), these problems have been fixed in version 1:7.4p1-10+deb9u5.

For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlxe0w0ACgkQ3rYcyPpX RFs85AgA0GrSHO4Qf5FVsE3oXa+nMkZ4U6pbOA9dHotX54DEyNuIJrOsOv01cFxQ t2Z6uDkZptmHZT4uSWg2xIgMvpkGo9906ziZfHc0LTuHl8j++7cCDIDGZBm/iZaX ueQfl85gHDpte41JvUtpSBAwk1Bic7ltLUPDIGEiq6nQboxHIzsU7ULVb1l0wNxF sEFDPWGBS01HTa+QWgQaG/wbEhMRDcVz1Ck7dqpT2soQRohDWxU01j14q1EKe9O9 GHiWECvFSHBkkI/v8lNfSWnOWYa/+Aknri0CpjPc/bqh2Yx9rgp/Q5+FJ/FxJjmC bHFd+tbxB1LxEO96zKguYpPIzw7Kcw== =5Fd8 -----END PGP SIGNATURE-----

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0012",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "enterprise linux server tus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.4",
         },
         {
            model: "m10-4",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.6",
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.6",
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.2",
         },
         {
            model: "scalance x204rna eec",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "3.2.7",
         },
         {
            model: "m10-4s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.2",
         },
         {
            model: "m10-4",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "openssh",
            scope: "lte",
            trust: 1,
            vendor: "openbsd",
            version: "7.9",
         },
         {
            model: "freebsd",
            scope: "eq",
            trust: 1,
            vendor: "freebsd",
            version: "12.0",
         },
         {
            model: "m12-2",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "enterprise linux server tus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.6",
         },
         {
            model: "m10-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "m10-4s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.10",
         },
         {
            model: "enterprise linux server tus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.2",
         },
         {
            model: "m12-2",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "scalance x204rna",
            scope: "lt",
            trust: 1,
            vendor: "siemens",
            version: "3.2.7",
         },
         {
            model: "m12-2s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "m12-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp2361",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "9.0",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.0",
         },
         {
            model: "m10-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "linux",
            scope: "eq",
            trust: 1,
            vendor: "debian",
            version: "8.0",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "16.04",
         },
         {
            model: "enterprise linux server aus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.4",
         },
         {
            model: "fedora",
            scope: "eq",
            trust: 1,
            vendor: "fedoraproject",
            version: "30",
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.1",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "14.04",
         },
         {
            model: "winscp",
            scope: "lte",
            trust: 1,
            vendor: "winscp",
            version: "5.1.3",
         },
         {
            model: "ubuntu linux",
            scope: "eq",
            trust: 1,
            vendor: "canonical",
            version: "18.04",
         },
         {
            model: "mina sshd",
            scope: "eq",
            trust: 1,
            vendor: "apache",
            version: "2.2.0",
         },
         {
            model: "enterprise linux eus",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "8.4",
         },
         {
            model: "m12-2s",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "m12-1",
            scope: "lt",
            trust: 1,
            vendor: "fujitsu",
            version: "xcp3070",
         },
         {
            model: "freebsd",
            scope: "lt",
            trust: 1,
            vendor: "freebsd",
            version: "12.0",
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 1,
            vendor: "redhat",
            version: "7.0",
         },
         {
            model: "ubuntu",
            scope: null,
            trust: 0.8,
            vendor: "canonical",
            version: null,
         },
         {
            model: "gnu/linux",
            scope: null,
            trust: 0.8,
            vendor: "debian",
            version: null,
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.8,
            vendor: "openbsd",
            version: "7.9",
         },
         {
            model: "winscp",
            scope: null,
            trust: 0.8,
            vendor: "winscp",
            version: null,
         },
         {
            model: "enterprise linux",
            scope: null,
            trust: 0.8,
            vendor: "red hat",
            version: null,
         },
         {
            model: "enterprise linux",
            scope: "eq",
            trust: 0.3,
            vendor: "redhat",
            version: "7",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "4.2",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "4.1",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "4.0",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "3.7.1",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "3.7",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "3.6.1",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "3.5",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "3.4",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "3.3",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "3.2",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "3.1",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "3.0.2",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "3.0.1",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "3.0",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "2.9.9",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "2.9",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "2.5.2",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "2.5.1",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "2.5",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "2.3",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "2.2",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "2.1.1",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "2.1",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "1.2.3",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "1.2.2",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "7.9",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "7.7",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "7.6",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "7.4",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "7.3",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "7.2",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "7.1",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "7.0",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "6.9",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "6.8",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "6.7",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "6.6",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "6.5",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "6.4",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "6.3",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "6.2",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "6.1",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "6.0",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "5.8",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "5.7",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "5.6",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "5.5",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "5.4",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "5.3",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "5.2",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "5.1",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "5.0",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "4.9",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "4.8",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "4.7",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "4.6",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "4.5",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "4.4",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "4.3.0",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "1.127",
         },
         {
            model: "openssh",
            scope: "eq",
            trust: 0.3,
            vendor: "openssh",
            version: "1.126",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "5.1",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "5.0",
         },
         {
            model: "traffix sdc",
            scope: "eq",
            trust: 0.3,
            vendor: "f5",
            version: "4.4",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "106741",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001830",
         },
         {
            db: "NVD",
            id: "CVE-2019-6111",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "7.9",
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:winscp:winscp:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndIncluding: "5.1.3",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:apache:mina_sshd:2.2.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
                        cpe_name: [],
                        versionEndExcluding: "12.0",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp2361",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m10-4s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m10-4s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-1_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-1:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:fujitsu:m12-2s_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "xcp3070",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:fujitsu:m12-2s:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:scalance_x204rna_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "3.2.7",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:scalance_x204rna:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:siemens:scalance_x204rna_eec_firmware:*:*:*:*:*:*:*:*",
                              cpe_name: [],
                              versionEndExcluding: "3.2.7",
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:h:siemens:scalance_x204rna_eec:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-6111",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Ubuntu,Harry Sintonen,Gentoo",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201901-767",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2019-6111",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "MEDIUM",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "PARTIAL",
                  baseScore: 5.8,
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 8.6,
                  impactScore: 4.9,
                  integrityImpact: "PARTIAL",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                  version: "2.0",
               },
               {
                  acInsufInfo: null,
                  accessComplexity: "Medium",
                  accessVector: "Network",
                  authentication: "None",
                  author: "NVD",
                  availabilityImpact: "Partial",
                  baseScore: 5.8,
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2019-6111",
                  impactScore: null,
                  integrityImpact: "Partial",
                  obtainAllPrivilege: null,
                  obtainOtherPrivilege: null,
                  obtainUserPrivilege: null,
                  severity: "Medium",
                  trust: 0.9,
                  userInteractionRequired: null,
                  vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                  version: "2.0",
               },
            ],
            cvssV3: [
               {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  exploitabilityScore: 2.2,
                  impactScore: 3.6,
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  trust: 1,
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.1",
               },
               {
                  attackComplexity: "High",
                  attackVector: "Network",
                  author: "NVD",
                  availabilityImpact: "None",
                  baseScore: 5.9,
                  baseSeverity: "Medium",
                  confidentialityImpact: "None",
                  exploitabilityScore: null,
                  id: "CVE-2019-6111",
                  impactScore: null,
                  integrityImpact: "High",
                  privilegesRequired: "None",
                  scope: "Unchanged",
                  trust: 0.8,
                  userInteraction: "None",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                  version: "3.0",
               },
            ],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2019-6111",
                  trust: 1.8,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201901-767",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULMON",
                  id: "CVE-2019-6111",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6111",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001830",
         },
         {
            db: "NVD",
            id: "CVE-2019-6111",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-767",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). OpenSSH Contains an input validation vulnerability.Information may be tampered with. OpenSSH is prone to an arbitrary file-overwrite vulnerability. \nSuccessful exploits may allow an attacker to overwrite arbitrary files in the context of the user running the affected application. \nOpenSSH 7.9 and prior versions are vulnerable. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201903-16\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: OpenSSH: Multiple vulnerabilities\n     Date: March 20, 2019\n     Bugs: #675520, #675522\n       ID: 201903-16\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in OpenSSH, the worst of which\ncould allow a remote attacker to gain unauthorized access. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-misc/openssh           < 7.9_p1-r4              >= 7.9_p1-r4 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in OpenSSH. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll OpenSSH users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \">=net-misc/openssh-7.9_p1-r4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-20685\n      https://nvd.nist.gov/vuln/detail/CVE-2018-20685\n[ 2 ] CVE-2019-6109\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6109\n[ 3 ] CVE-2019-6110\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6110\n[ 4 ] CVE-2019-6111\n      https://nvd.nist.gov/vuln/detail/CVE-2019-6111\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201903-16\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users' machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n                   Red Hat Security Advisory\n\nSynopsis:          Moderate: openssh security, bug fix, and enhancement update\nAdvisory ID:       RHSA-2019:3702-01\nProduct:           Red Hat Enterprise Linux\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2019:3702\nIssue date:        2019-11-05\nCVE Names:         CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 \n=====================================================================\n\n1. Summary:\n\nAn update for openssh is now available for Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64\n\n3. Description:\n\nOpenSSH is an SSH protocol implementation supported by a number of Linux,\nUNIX, and similar operating systems. It includes the core files necessary\nfor both the OpenSSH client and server. \n\nThe following packages have been upgraded to a later upstream version:\nopenssh (8.0p1). \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.1 Release Notes linked from the References section. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the OpenSSH server daemon (sshd) will be\nrestarted automatically. \n1686065 - SSH connections get closed when time-based rekeyring is used and ClientAliveMaxCount=0\n1691045 - Rebase OpenSSH to latest release (8.0p1?)\n1707485 - Use high-level API to do signatures\n1712436 - MD5 is used when writing password protected PEM\n1732424 - ssh-keygen -A fails in FIPS mode because of DSA key\n1732449 - rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite being in the policy\n\n6. Package List:\n\nRed Hat Enterprise Linux AppStream (v. 8):\n\naarch64:\nopenssh-askpass-8.0p1-3.el8.aarch64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debugsource-8.0p1-3.el8.aarch64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm\n\nppc64le:\nopenssh-askpass-8.0p1-3.el8.ppc64le.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debugsource-8.0p1-3.el8.ppc64le.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm\n\ns390x:\nopenssh-askpass-8.0p1-3.el8.s390x.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debugsource-8.0p1-3.el8.s390x.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.s390x.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm\n\nx86_64:\nopenssh-askpass-8.0p1-3.el8.x86_64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debugsource-8.0p1-3.el8.x86_64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm\n\nRed Hat Enterprise Linux BaseOS (v. 8):\n\nSource:\nopenssh-8.0p1-3.el8.src.rpm\n\naarch64:\nopenssh-8.0p1-3.el8.aarch64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-cavs-8.0p1-3.el8.aarch64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-clients-8.0p1-3.el8.aarch64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-debugsource-8.0p1-3.el8.aarch64.rpm\nopenssh-keycat-8.0p1-3.el8.aarch64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-ldap-8.0p1-3.el8.aarch64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm\nopenssh-server-8.0p1-3.el8.aarch64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.aarch64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm\n\nppc64le:\nopenssh-8.0p1-3.el8.ppc64le.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-cavs-8.0p1-3.el8.ppc64le.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-clients-8.0p1-3.el8.ppc64le.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-debugsource-8.0p1-3.el8.ppc64le.rpm\nopenssh-keycat-8.0p1-3.el8.ppc64le.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-ldap-8.0p1-3.el8.ppc64le.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm\nopenssh-server-8.0p1-3.el8.ppc64le.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.ppc64le.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm\n\ns390x:\nopenssh-8.0p1-3.el8.s390x.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-cavs-8.0p1-3.el8.s390x.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-clients-8.0p1-3.el8.s390x.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-debugsource-8.0p1-3.el8.s390x.rpm\nopenssh-keycat-8.0p1-3.el8.s390x.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-ldap-8.0p1-3.el8.s390x.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm\nopenssh-server-8.0p1-3.el8.s390x.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.s390x.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.s390x.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm\n\nx86_64:\nopenssh-8.0p1-3.el8.x86_64.rpm\nopenssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-cavs-8.0p1-3.el8.x86_64.rpm\nopenssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-clients-8.0p1-3.el8.x86_64.rpm\nopenssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-debugsource-8.0p1-3.el8.x86_64.rpm\nopenssh-keycat-8.0p1-3.el8.x86_64.rpm\nopenssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-ldap-8.0p1-3.el8.x86_64.rpm\nopenssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm\nopenssh-server-8.0p1-3.el8.x86_64.rpm\nopenssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm\npam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm\npam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-20685\nhttps://access.redhat.com/security/cve/CVE-2019-6109\nhttps://access.redhat.com/security/cve/CVE-2019-6111\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is <secalert@redhat.com>. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXcHzKNzjgjWX9erEAQiytQ/6Apphov2V0QmnXA+KO3ZZKBPXtgKv8Sv1\ndPtXhTC+Keq4yX9/bXlIuyk6BUsMeaiIMlL5bSSKtq2I7rVxwubTcPX4rD+pQvx8\nArNJgn7U2/3xqwc0R8dNXx6o8vB1M6jXDtu8fKJOxW48evDJf6gE4gX2KUM9yxR2\nMhCoHVkLp9a5f0T11yFPI11H0P8gXXQgboAkdt82Ui35T4tD8RndVyPCsllN2c/X\nQCCbvZ9e8OLJJoxsOryLcw8tpQHXK2AJMXWv0Us99kQtbaBULWWahhrg/tftLxtT\npILFBaB/RsmGg1O6OkxJ2CuKl6ATC2Wlj/Z7uYPrS7MQDn+fXkH2gfcjb4Z4rqIL\nIyKbUpsyFEAaV5rJUeRaS7dGfuQldQbS96P8lUpCcOXPbYD8FgTrW2q3NjOKgYMU\n+gh2xPwmlRm+iYfmedPoR2+bTWNYv8JS+Cp/fZF4IFx2EJPQcxKLYshNKgcfkNkR\nrIZ4brUI79p84H01TcTh4mFAbR63Y+c36UAI3/fM/W/RkZn/PdoJtpfwg/tjOYZH\nrt9kL7SfAEhjHNtBuJGNol6e124srS6300hnfFovAr6llDOcYlrh3ZgVZjVrn6E8\nTZhyZ84TGMOqykfH7B9XkJH82X+x3rd2m0ovCPq+Ly62BasdXVd0C2snzbx8OAM8\nI+am8dhVlyM=\n=iPw4\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\n\nDescription\n-----------\n\nMany scp clients fail to verify if the objects returned by the scp server match those\nit asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate\nflaw in the client allows the target directory attributes to be changed arbitrarily. \nFinally, two vulnerabilities in clients may allow server to spoof the client output. \n\n\nDetails\n-------\n\nThe discovered vulnerabilities, described in more detail below, enables the attack\ndescribed here in brief. \n\n1. The transfer of extra files is hidden by sending ANSI control sequences\n    via stderr. For example:\n\n    user@local:~$ scp user@remote:readme.txt . \n    readme.txt                                         100%  494     1.6KB/s   00:00\n    user@local:~$\n\n2. Once the victim launches a new shell, the malicious commands in .bash_aliases get\n    executed. \n\n\n*) Man-in-the-Middle attack does require the victim to accept the wrong host\n    fingerprint. \n\n\nVulnerabilities\n---------------\n\n1. \n\n\n2. \n\nThe same vulnerability in WinSCP is known as CVE-2018-20684. \n\n\n3. CWE-451: scp client spoofing via object name [CVE-2019-6109]\n\nDue to missing character encoding in the progress display, the object name can be used\nto manipulate the client output, for example to employ ANSI codes to hide additional\nfiles being transferred. \n\n\n4. \n\n\nProof-of-Concept\n----------------\n\nProof of concept malicious scp server will be released at a later date. \n\n\nVulnerable versions\n-------------------\n\nThe following software packages have some or all vulnerabilities:\n\n                    ver      #1  #2  #3  #4\nOpenSSH scp        <=7.9    x   x   x   x\nPuTTY PSCP         ?        -   -   x   x\nWinSCP scp mode    <=5.13   -   x   -   -\n\nTectia SSH scpg3 is not affected since it exclusively uses sftp protocol. \n\n\nMitigation\n----------\n\n1. OpenSSH\n\n1.1 Switch to sftp if possible\n\n1.2 Alternatively apply the following patch to harden scp against most server-side\n     manipulation attempts: https://sintonen.fi/advisories/scp-name-validator.patch\n\n     NOTE: This patch may cause problems if the the remote and local shells don't\n     agree on the way glob() pattern matching works. YMMV. \n\n2. PuTTY\n\n2.1 No fix is available yet\n\n3. WinSCP\n\n3.1. Upgrade to WinSCP 5.14 or later\n\n\n\nSimilar or prior work\n---------------------\n\n1. https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access\n\n\nCredits\n-------\n\nThe vulnerability was discovered by Harry Sintonen / F-Secure Corporation. \n\n\nTimeline\n--------\n\n2018.08.08  initial discovery of vulnerabilities #1 and #2\n2018.08.09  reported vulnerabilities #1 and #2 to OpenSSH\n2018.08.10  OpenSSH acknowledged the vulnerabilities\n2018.08.14  discovered & reported vulnerability #3 to OpenSSH\n2018.08.15  discovered & reported vulnerability #4 to OpenSSH\n2018.08.30  reported PSCP vulnerabilities (#3 and #4) to PuTTY developers\n2018.08.31  reported WinSCP vulnerability (#2) to WinSCP developers\n2018.09.04  WinSCP developers reported the vulnerability #2 fixed\n2018.11.12  requested a status update from OpenSSH\n2018.11.16  OpenSSH fixed vulnerability #1\n2019.01.07  requested a status update from OpenSSH\n2019.01.08  requested CVE assignments from MITRE\n2019.01.10  received CVE assignments from MITRE\n2019.01.11  public disclosure of the advisory\n2019.01.14  added a warning about the potential issues caused by the patch\n\n\n. ==========================================================================\nUbuntu Security Notice USN-3885-2\nMarch 04, 2019\n\nopenssh vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nOne of the fixes in USN-3885-1 was incomplete. \n\nSoftware Description:\n- openssh: secure shell (SSH) for secure access to remote machines\n\nDetails:\n\nUSN-3885-1 fixed vulnerabilities in OpenSSH. It was discovered that the fix\nfor CVE-2019-6111 turned out to be incomplete. This update fixes the\nproblem. \n\nOriginal advisory details:\n\n Harry Sintonen discovered multiple issues in the OpenSSH scp utility. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n  openssh-client                  1:7.7p1-4ubuntu0.3\n\nUbuntu 18.04 LTS:\n  openssh-client                  1:7.6p1-4ubuntu0.3\n\nUbuntu 16.04 LTS:\n  openssh-client                  1:7.2p2-4ubuntu2.8\n\nUbuntu 14.04 LTS:\n  openssh-client                  1:6.6p1-2ubuntu2.13\n\nIn general, a standard system update will make all the necessary changes. All the vulnerabilities\nare in found in the scp client implementing the SCP protocol. \n    The check added in this version can lead to regression if the client and\n    the server have differences in wildcard expansion rules. If the server is\n    trusted for that purpose, the check can be disabled with a new -T option to\n    the scp client. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:7.4p1-10+deb9u5. \n\nFor the detailed security status of openssh please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssh\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlxe0w0ACgkQ3rYcyPpX\nRFs85AgA0GrSHO4Qf5FVsE3oXa+nMkZ4U6pbOA9dHotX54DEyNuIJrOsOv01cFxQ\nt2Z6uDkZptmHZT4uSWg2xIgMvpkGo9906ziZfHc0LTuHl8j++7cCDIDGZBm/iZaX\nueQfl85gHDpte41JvUtpSBAwk1Bic7ltLUPDIGEiq6nQboxHIzsU7ULVb1l0wNxF\nsEFDPWGBS01HTa+QWgQaG/wbEhMRDcVz1Ck7dqpT2soQRohDWxU01j14q1EKe9O9\nGHiWECvFSHBkkI/v8lNfSWnOWYa/+Aknri0CpjPc/bqh2Yx9rgp/Q5+FJ/FxJjmC\nbHFd+tbxB1LxEO96zKguYpPIzw7Kcw==\n=5Fd8\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2019-6111",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001830",
         },
         {
            db: "BID",
            id: "106741",
         },
         {
            db: "VULMON",
            id: "CVE-2019-6111",
         },
         {
            db: "PACKETSTORM",
            id: "151948",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151954",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
      ],
      trust: 2.52,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://vulmon.com/exploitdetails?qidtp=exploitdb&qid=46193",
            trust: 0.2,
            type: "exploit",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6111",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2019-6111",
            trust: 3.4,
         },
         {
            db: "BID",
            id: "106741",
            trust: 2,
         },
         {
            db: "EXPLOIT-DB",
            id: "46193",
            trust: 1.7,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2022/08/02/1",
            trust: 1.7,
         },
         {
            db: "OPENWALL",
            id: "OSS-SECURITY/2019/04/18/1",
            trust: 1.7,
         },
         {
            db: "SIEMENS",
            id: "SSA-412672",
            trust: 1.7,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001830",
            trust: 0.8,
         },
         {
            db: "PACKETSTORM",
            id: "152154",
            trust: 0.7,
         },
         {
            db: "PACKETSTORM",
            id: "151954",
            trust: 0.7,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.1255",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1280.2",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1411.2",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1280",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1411.3",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.0410.3",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2020.1411",
            trust: 0.6,
         },
         {
            db: "AUSCERT",
            id: "ESB-2019.0605",
            trust: 0.6,
         },
         {
            db: "EXPLOIT-DB",
            id: "46516",
            trust: 0.6,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-767",
            trust: 0.6,
         },
         {
            db: "ICS CERT",
            id: "ICSA-22-349-21",
            trust: 0.1,
         },
         {
            db: "VULMON",
            id: "CVE-2019-6111",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "151948",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "155158",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "151175",
            trust: 0.1,
         },
         {
            db: "PACKETSTORM",
            id: "151601",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6111",
         },
         {
            db: "BID",
            id: "106741",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001830",
         },
         {
            db: "PACKETSTORM",
            id: "151948",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151954",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            db: "NVD",
            id: "CVE-2019-6111",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-767",
         },
      ],
   },
   id: "VAR-201901-0012",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 0.6178670799999999,
   },
   last_update_date: "2023-12-18T11:52:47.562000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "[SECURITY] [DLA 1728-1] openssh security update",
            trust: 0.8,
            url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
         },
         {
            title: "DSA-4387",
            trust: 0.8,
            url: "https://www.debian.org/security/2019/dsa-4387",
         },
         {
            title: "CVS log for src/usr.bin/ssh/scp.c",
            trust: 0.8,
            url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
         },
         {
            title: "Bug 1677794",
            trust: 0.8,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
         },
         {
            title: "USN-3885-1",
            trust: 0.8,
            url: "https://usn.ubuntu.com/3885-1/",
         },
         {
            title: "USN-3885-2",
            trust: 0.8,
            url: "https://usn.ubuntu.com/3885-2/",
         },
         {
            title: "Recent Version History",
            trust: 0.8,
            url: "https://winscp.net/eng/docs/history",
         },
         {
            title: "OpenSSH Security vulnerabilities",
            trust: 0.6,
            url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=88866",
         },
         {
            title: "The Register",
            trust: 0.2,
            url: "https://www.theregister.co.uk/2019/01/15/scp_vulnerability/",
         },
         {
            title: "Red Hat: Moderate: openssh security, bug fix, and enhancement update",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20193702 - security advisory",
         },
         {
            title: "Ubuntu Security Notice: openssh vulnerability",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-3885-2",
         },
         {
            title: "Ubuntu Security Notice: openssh vulnerabilities",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-3885-1",
         },
         {
            title: "Debian CVElist Bug Report Logs: openssh-client: scp can send arbitrary control characters / escape sequences to the terminal (CVE-2019-6109)",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=dffe92fd93b8f745f5f15bc2f29dc935",
         },
         {
            title: "Debian CVElist Bug Report Logs: CVE-2019-6111 not fixed, file transfer of unwanted files by malicious SSH server still possible",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=74b791ca4fdf54c27d2b50ef6845ef8e",
         },
         {
            title: "Debian CVElist Bug Report Logs: netkit-rsh: CVE-2019-7282 CVE-2019-7283",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=a043554ad34dcb6b0dc285dc8ea3ce0d",
         },
         {
            title: "Arch Linux Issues: ",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=cve-2019-6111",
         },
         {
            title: "Debian CVElist Bug Report Logs: openssh: CVE-2018-20685: scp.c in the scp client allows remote SSH servers to bypass intended access restrictions",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=8394bb17731a99ef76b185cbc70acfa3",
         },
         {
            title: "Arch Linux Advisories: [ASA-201904-11] openssh: multiple issues",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=asa-201904-11",
         },
         {
            title: "Amazon Linux AMI: ALAS-2019-1313",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=alas-2019-1313",
         },
         {
            title: "Amazon Linux 2: ALAS2-2019-1216",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2019-1216",
         },
         {
            title: "IBM: IBM Security Bulletin: Vulnerabilities in OpenSSH affect AIX (CVE-2018-20685 CVE-2018-6109 CVE-2018-6110 CVE-2018-6111) Security Bulletin",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=50a54c2fb43b489f64442dcf4f25bc3b",
         },
         {
            title: "IBM: Security Bulletin: Multiple vulnerabilities affect IBM Cloud Object Storage Systems (February 2020v1)",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=979e60202a29c3c55731e37f8ddc5a3b",
         },
         {
            title: "IBM: IBM Security Bulletin: Vyatta 5600 vRouter Software Patches – Releases 1801-w and 1801-y",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=bf3f2299a8658b7cd3984c40e7060666",
         },
         {
            title: "Siemens Security Advisories: Siemens Security Advisory",
            trust: 0.1,
            url: "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/live-hack-cve/cve-2019-6111 ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/antonvanassche/csv-npe2223 ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/tommasobilotta/public ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/h4xrox/direct-admin-vulnerability-disclosure ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/numaan911098/leadgenapp-bug-report ",
         },
         {
            title: "DC-4-Vulnhub-Walkthrough",
            trust: 0.1,
            url: "https://github.com/vshaliii/dc-4-vulnhub-walkthrough ",
         },
         {
            title: "nmap",
            trust: 0.1,
            url: "https://github.com/devairdarolt/nmap ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/iknowmyname/nmap-scans-m2 ",
         },
         {
            title: "cveScannerV2",
            trust: 0.1,
            url: "https://github.com/retr0-13/cvescannerv2 ",
         },
         {
            title: "TrivyWeb",
            trust: 0.1,
            url: "https://github.com/korayagaya/trivyweb ",
         },
         {
            title: "iot-cves",
            trust: 0.1,
            url: "https://github.com/inesmartins31/iot-cves ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/scmanjarrez/testrepository ",
         },
         {
            title: "github_aquasecurity_trivy",
            trust: 0.1,
            url: "https://github.com/back8/github_aquasecurity_trivy ",
         },
         {
            title: "Funbox2-rookie",
            trust: 0.1,
            url: "https://github.com/vaishali1998/funbox2-rookie ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/simiyo/trivy ",
         },
         {
            title: "security",
            trust: 0.1,
            url: "https://github.com/umahari/security ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/mohzeela/external-secret ",
         },
         {
            title: "Vulnerability-Scanner-for-Containers",
            trust: 0.1,
            url: "https://github.com/t31m0/vulnerability-scanner-for-containers ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/aquasecurity/trivy ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/knqyf263/trivy ",
         },
         {
            title: "trivy",
            trust: 0.1,
            url: "https://github.com/siddharthraopotukuchi/trivy ",
         },
         {
            title: "Basic-Pentesting-2-Vulnhub-Walkthrough",
            trust: 0.1,
            url: "https://github.com/vshaliii/basic-pentesting-2-vulnhub-walkthrough ",
         },
         {
            title: "",
            trust: 0.1,
            url: "https://github.com/bioly230/thm_skynet ",
         },
         {
            title: "Basic-Pentesting-2",
            trust: 0.1,
            url: "https://github.com/vshaliii/basic-pentesting-2 ",
         },
         {
            title: "PoC",
            trust: 0.1,
            url: "https://github.com/jonathan-elias/poc ",
         },
         {
            title: "PoC-in-GitHub",
            trust: 0.1,
            url: "https://github.com/developer3000s/poc-in-github ",
         },
         {
            title: "CVE-POC",
            trust: 0.1,
            url: "https://github.com/0xt11/cve-poc ",
         },
         {
            title: "PoC-in-GitHub",
            trust: 0.1,
            url: "https://github.com/hectorgie/poc-in-github ",
         },
         {
            title: "PoC-in-GitHub",
            trust: 0.1,
            url: "https://github.com/nomi-sec/poc-in-github ",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6111",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001830",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-767",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-22",
            trust: 1,
         },
         {
            problemtype: "CWE-20",
            trust: 0.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-001830",
         },
         {
            db: "NVD",
            id: "CVE-2019-6111",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 2.9,
            url: "http://www.securityfocus.com/bid/106741",
         },
         {
            trust: 2.5,
            url: "https://access.redhat.com/errata/rhsa-2019:3702",
         },
         {
            trust: 2.3,
            url: "https://www.debian.org/security/2019/dsa-4387",
         },
         {
            trust: 2.1,
            url: "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
         },
         {
            trust: 2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6111",
         },
         {
            trust: 1.8,
            url: "https://usn.ubuntu.com/3885-2/",
         },
         {
            trust: 1.8,
            url: "https://security.gentoo.org/glsa/201903-16",
         },
         {
            trust: 1.7,
            url: "https://cvsweb.openbsd.org/src/usr.bin/ssh/scp.c",
         },
         {
            trust: 1.7,
            url: "https://www.exploit-db.com/exploits/46193/",
         },
         {
            trust: 1.7,
            url: "https://usn.ubuntu.com/3885-1/",
         },
         {
            trust: 1.7,
            url: "https://security.netapp.com/advisory/ntap-20190213-0001/",
         },
         {
            trust: 1.7,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1677794",
         },
         {
            trust: 1.7,
            url: "https://lists.debian.org/debian-lts-announce/2019/03/msg00030.html",
         },
         {
            trust: 1.7,
            url: "http://www.openwall.com/lists/oss-security/2019/04/18/1",
         },
         {
            trust: 1.7,
            url: "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00058.html",
         },
         {
            trust: 1.7,
            url: "https://www.freebsd.org/security/advisories/freebsd-en-19:10.scp.asc",
         },
         {
            trust: 1.7,
            url: "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
         },
         {
            trust: 1.7,
            url: "http://www.openwall.com/lists/oss-security/2022/08/02/1",
         },
         {
            trust: 1.7,
            url: "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
         },
         {
            trust: 1.1,
            url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/w3yvq2bptovdcfdvnc2ggf5p5isfg37g/",
         },
         {
            trust: 1.1,
            url: "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23%40%3cdev.mina.apache.org%3e",
         },
         {
            trust: 1.1,
            url: "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b%40%3cdev.mina.apache.org%3e",
         },
         {
            trust: 1.1,
            url: "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f%40%3cdev.mina.apache.org%3e",
         },
         {
            trust: 1.1,
            url: "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a%40%3cdev.mina.apache.org%3e",
         },
         {
            trust: 0.8,
            url: "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6111",
         },
         {
            trust: 0.6,
            url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/w3yvq2bptovdcfdvnc2ggf5p5isfg37g/",
         },
         {
            trust: 0.6,
            url: "https://lists.apache.org/thread.html/d540139359de999b0f1c87d05b715be4d7d4bec771e1ae55153c5c7a@%3cdev.mina.apache.org%3e",
         },
         {
            trust: 0.6,
            url: "https://lists.apache.org/thread.html/c7301cab36a86825359e1b725fc40304d1df56dc6d107c1fe885148b@%3cdev.mina.apache.org%3e",
         },
         {
            trust: 0.6,
            url: "https://lists.apache.org/thread.html/e47597433b351d6e01a5d68d610b4ba195743def9730e49561e8cf3f@%3cdev.mina.apache.org%3e",
         },
         {
            trust: 0.6,
            url: "https://lists.apache.org/thread.html/c45d9bc90700354b58fb7455962873c44229841880dcb64842fa7d23@%3cdev.mina.apache.org%3e",
         },
         {
            trust: 0.6,
            url: "https://www.suse.com/support/update/announcement/2019/suse-su-20190496-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.suse.com/support/update/announcement/2019/suse-su-201914016-1.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1411/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/75338",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1280.2/",
         },
         {
            trust: 0.6,
            url: "https://www.exploit-db.com/exploits/46516",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/76170",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/152154/gentoo-linux-security-advisory-201903-16.html",
         },
         {
            trust: 0.6,
            url: "https://packetstormsecurity.com/files/151954/ubuntu-security-notice-usn-3885-2.html",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1411.2/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1280/",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/esb-2020.1411.3",
         },
         {
            trust: 0.6,
            url: "https://www.auscert.org.au/bulletins/78934",
         },
         {
            trust: 0.4,
            url: "https://access.redhat.com/security/cve/cve-2019-6111",
         },
         {
            trust: 0.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6109",
         },
         {
            trust: 0.4,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-20685",
         },
         {
            trust: 0.3,
            url: "http://www.openssh.org/",
         },
         {
            trust: 0.3,
            url: "https://bugzilla.redhat.com/show_bug.cgi?id=1666127",
         },
         {
            trust: 0.3,
            url: "https://support.f5.com/csp/article/k21350967",
         },
         {
            trust: 0.2,
            url: "https://www.debian.org/security/",
         },
         {
            trust: 0.2,
            url: "https://www.debian.org/security/faq",
         },
         {
            trust: 0.2,
            url: "https://security-tracker.debian.org/tracker/openssh",
         },
         {
            trust: 0.2,
            url: "https://nvd.nist.gov/vuln/detail/cve-2019-6110",
         },
         {
            trust: 0.1,
            url: "https://cwe.mitre.org/data/definitions/22.html",
         },
         {
            trust: 0.1,
            url: "https://tools.cisco.com/security/center/viewalert.x?alertid=59544",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov",
         },
         {
            trust: 0.1,
            url: "https://www.exploit-db.com/exploits/46193",
         },
         {
            trust: 0.1,
            url: "https://www.cisa.gov/uscert/ics/advisories/icsa-22-349-21",
         },
         {
            trust: 0.1,
            url: "https://creativecommons.org/licenses/by-sa/2.5",
         },
         {
            trust: 0.1,
            url: "https://security.gentoo.org/",
         },
         {
            trust: 0.1,
            url: "https://bugs.gentoo.org.",
         },
         {
            trust: 0.1,
            url: "https://www.redhat.com/mailman/listinfo/rhsa-announce",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/updates/classification/#moderate",
         },
         {
            trust: 0.1,
            url: "https://bugzilla.redhat.com/):",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/key/",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2019-6109",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/articles/11258",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/cve/cve-2018-20685",
         },
         {
            trust: 0.1,
            url: "https://access.redhat.com/security/team/contact/",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2018-20684",
         },
         {
            trust: 0.1,
            url: "https://sintonen.fi/advisories/scp-name-validator.patch",
         },
         {
            trust: 0.1,
            url: "https://nvd.nist.gov/vuln/detail/cve-2000-0992",
         },
         {
            trust: 0.1,
            url: "https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssh/1:6.6p1-2ubuntu2.13",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssh/1:7.7p1-4ubuntu0.3",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssh/1:7.2p2-4ubuntu2.8",
         },
         {
            trust: 0.1,
            url: "https://usn.ubuntu.com/usn/usn-3885-1",
         },
         {
            trust: 0.1,
            url: "https://usn.ubuntu.com/usn/usn-3885-2",
         },
         {
            trust: 0.1,
            url: "https://launchpad.net/ubuntu/+source/openssh/1:7.6p1-4ubuntu0.3",
         },
      ],
      sources: [
         {
            db: "VULMON",
            id: "CVE-2019-6111",
         },
         {
            db: "BID",
            id: "106741",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001830",
         },
         {
            db: "PACKETSTORM",
            id: "151948",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151954",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            db: "NVD",
            id: "CVE-2019-6111",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-767",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULMON",
            id: "CVE-2019-6111",
         },
         {
            db: "BID",
            id: "106741",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2019-001830",
         },
         {
            db: "PACKETSTORM",
            id: "151948",
         },
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            db: "PACKETSTORM",
            id: "151954",
         },
         {
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            db: "NVD",
            id: "CVE-2019-6111",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-767",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2019-01-31T00:00:00",
            db: "VULMON",
            id: "CVE-2019-6111",
         },
         {
            date: "2019-01-18T00:00:00",
            db: "BID",
            id: "106741",
         },
         {
            date: "2019-03-27T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-001830",
         },
         {
            date: "2019-03-04T21:54:21",
            db: "PACKETSTORM",
            id: "151948",
         },
         {
            date: "2019-03-20T16:09:02",
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            date: "2019-11-06T15:55:27",
            db: "PACKETSTORM",
            id: "155158",
         },
         {
            date: "2019-01-16T15:04:39",
            db: "PACKETSTORM",
            id: "151175",
         },
         {
            date: "2019-03-04T21:58:39",
            db: "PACKETSTORM",
            id: "151954",
         },
         {
            date: "2019-02-11T16:13:15",
            db: "PACKETSTORM",
            id: "151601",
         },
         {
            date: "2019-01-31T18:29:00.867000",
            db: "NVD",
            id: "CVE-2019-6111",
         },
         {
            date: "2019-01-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201901-767",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2023-11-07T00:00:00",
            db: "VULMON",
            id: "CVE-2019-6111",
         },
         {
            date: "2019-01-18T00:00:00",
            db: "BID",
            id: "106741",
         },
         {
            date: "2019-03-27T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2019-001830",
         },
         {
            date: "2023-11-07T03:13:05.610000",
            db: "NVD",
            id: "CVE-2019-6111",
         },
         {
            date: "2022-12-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201901-767",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "PACKETSTORM",
            id: "152154",
         },
         {
            db: "PACKETSTORM",
            id: "151954",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201901-767",
         },
      ],
      trust: 0.8,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "OpenSSH Input validation vulnerability",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2019-001830",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "path traversal",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201901-767",
         },
      ],
      trust: 0.6,
   },
}