{"vulnerability": "CVE-2018-20685", "sightings": [{"uuid": "d89ec510-0a62-4791-8ab3-7823bd2f3cb7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "published-proof-of-concept", "source": "https://t.me/antichat/3382", "content": "#soft #\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f #\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f\n\n\u041d\u0435\u043f\u0440\u0438\u044f\u0442\u043d\u043e\u0441\u0442\u0438 \u0441 \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c\u0438 SCP\n\n\u041d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043d\u043e\u0432\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 \u0441\u0430\u043c\u044b\u0445 \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u043d\u044b\u0445 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f\u0445 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 SCP (\u043e\u0441\u043e\u0431\u043e \u0432\u0430\u0436\u043d\u043e \u0434\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u0447\u0430\u0441\u0442\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u043a \u0447\u0443\u0436\u0438\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c):\nCVE-2019-6111 - \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 OpenSSH scp <=7.9 - \u043d\u0435\u0434\u043e\u0431\u0440\u043e\u0441\u043e\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u0444\u0430\u0439\u043b\u044b \u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u043c \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0435 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u0434\u043a\u0430\u0442\u043e\u043b\u043e\u0433\u0438, \u0435\u0441\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0440\u0435\u043a\u0443\u0440\u0441\u0438\u0432\u043d\u043e\u0435 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435.\nCVE-2018-20685 - OpenSSH scp <=7.9 \u0438 WinSCP <=5.13 - \u043d\u0435\u0434\u043e\u0431\u0440\u043e\u0441\u043e\u0432\u0435\u0441\u0442\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u0438\u0437\u043c\u0435\u043d\u0438\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0446\u0435\u043b\u0435\u0432\u043e\u043c\u0443 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430.\nCVE-2019-6109 \u0438 CVE-2019-6110 - OpenSSH scp <=7.9 \u0438 PuTTY PSCP - \u0434\u0430\u044e\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u044b\u0432\u043e\u0434\u043e\u043c \u043d\u0430 \u0441\u0442\u043e\u0440\u043e\u043d\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0447\u0435\u0440\u0435\u0437 \u0438\u043c\u0435\u043d\u0430 \u043e\u0431\u044a\u0435\u043a\u0442\u043e\u0432 \u0438 \u0441\u0442\u0430\u043d\u0434\u0430\u0440\u0442\u043d\u044b\u0439 \u043f\u043e\u0442\u043e\u043a \u043e\u0448\u0438\u0431\u043e\u043a \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0445 \u0441\u0438\u043c\u0432\u043e\u043b\u043e\u0432 ASCII \u0438 \u0441\u043a\u0440\u044b\u0442\u044c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f, \u043f\u0440\u043e\u0438\u0437\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0435 \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0414\u043b\u044f WinSCP \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u0430 \u0432\u0435\u0440\u0441\u0438\u044f \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c - 5.14.\n\n\u0414\u043b\u044f OpenSSH \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 \u043f\u043e\u043a\u0430 \u043d\u0435\u0442, \u043d\u043e \u0435\u0441\u0442\u044c \u043f\u0430\u0442\u0447 https://sintonen.fi/advisories/scp-name-validator.patch\n\u041b\u0438\u0431\u043e \u043c\u043e\u0436\u043d\u043e \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c SFTP, \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0439 \u0432 \u0441\u043e\u0441\u0442\u0430\u0432 OpenSSH:\nSubsystem sftp /usr/lib/openssh/sftp-server (\u0432 \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u043e\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435)\n\u0438\u043b\u0438\nSubsystem sftp internal-sftp (\u0432\u0441\u0442\u0440\u043e\u0435\u043d\u043d\u044b\u0439, \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 sshd)\n\n\u0414\u043b\u044f PuTTY \u043d\u0435\u0442 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439, \u043d\u043e \u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 \u043d\u0435\u043c \u043d\u0435 \u0443\u0441\u0442\u0440\u0430\u0448\u0430\u044e\u0449\u0438\u0435.", "creation_timestamp": "2019-01-23T07:03:05.000000Z"}, {"uuid": "895f49b9-82d9-486a-91a9-f4092c878d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "Telegram/qXF8Cjz6knmlpu3SrYMoQxCiBvWret7nWYdUS1mAXBP11v98Zw", "content": "", "creation_timestamp": "2025-08-17T02:42:33.000000Z"}, {"uuid": "9a3bb2fd-e3b6-4fd5-a211-3f7d1f8df41f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "Telegram/xGsLy8z3fANiCroIRCfALnNfiha1hqkEaeyvq7MCrScixms", "content": "", "creation_timestamp": "2024-07-01T14:34:42.000000Z"}, {"uuid": "9c64057b-b4de-4f4d-a5ea-121d676ace6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "https://t.me/arpsyndicate/2616", "content": "#ExploitObserverAlert\n\nCVE-2020-36254\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2020-36254. scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.\n\nFIRST-EPSS: 0.002220000\nNVD-IS: 5.9\nNVD-ES: 2.2", "creation_timestamp": "2024-01-07T06:20:18.000000Z"}, {"uuid": "c60ef7b5-7d46-4d1a-8fc8-042fd72e0342", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "Telegram/g4YVNsl8VVhm8hCc75QWhNv5PFRAQjIgSB1n0jxM2tiTPh-tRQ", "content": "", "creation_timestamp": "2025-02-01T09:42:01.000000Z"}, {"uuid": "e4261881-c23c-4586-a404-426e0d522c3f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "Telegram/RJJYy2hOykdTHQv9MovqUH5Nr_vdKbqoUJawTNQiy6Aw7FQ", "content": "", "creation_timestamp": "2022-05-31T23:13:36.000000Z"}, {"uuid": "adbb8b5b-868b-45fa-a61f-ec795e24f624", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "Telegram/w0w9iKcyXi70OnNrtP96yLy6sw-7f3qLcDmBnN0l3DtxqHg", "content": "", "creation_timestamp": "2024-07-01T14:33:02.000000Z"}, {"uuid": "2347e4f7-7129-4f1c-92ea-e92920af3ae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/10574", "content": "https://vulners.com/githubexploit/C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3 *EXPLOIT* | 1337DAY-ID-39918 6.8 https://vulners.com/zdt/1337DAY-ID-39918*EXPLOIT* | 10213DBE-F683-58BB-B6D3-353173626207 6.8 https://vulners.com/githubexploit/10213DBE-F683-58BB-B6D3-353173626207 *EXPLOIT* | CVE-2023-51385 6.5 https://vulners.com/cve/CVE-2023-51385 | EDB-ID:40858 6.4 https://vulners.com/exploitdb/EDB-ID:40858 *EXPLOIT* | EDB-ID:40119 6.4 https://vulners.com/exploitdb/EDB-ID:40119 *EXPLOIT* | EDB-ID:39569 6.4 https://vulners.com/exploitdb/EDB-ID:39569 *EXPLOIT* | CVE-2016-3115 6.4 https://vulners.com/cve/CVE-2016-3115 | PACKETSTORM:181223 5.9 https://vulners.com/packetstorm/PACKETSTORM:181223 *EXPLOIT* | MSF:AUXILIARY-SCANNER-SSH-SSH_ENUMUSERS- 5.9 https://vulners.com/metasploit/MSF:AUXILIARY-SCANNER-SSH-SSH_ENUMUSERS- *EXPLOIT* | EDB-ID:40136 5.9 https://vulners.com/exploitdb/EDB-ID:40136 *EXPLOIT* | EDB-ID:40113 5.9 https://vulners.com/exploitdb/EDB-ID:40113 *EXPLOIT* | CVE-2023-48795 5.9 https://vulners.com/cve/CVE-2023-48795 | CVE-2020-14145 5.9 https://vulners.com/cve/CVE-2020-14145 | CVE-2019-6111 5.9 https://vulners.com/cve/CVE-2019-6111 | CVE-2016-6210 5.9 https://vulners.com/cve/CVE-2016-6210 | 54E1BB01-2C69-5AFD-A23D-9783C9D9FC4C 5.9 https://vulners.com/githubexploit/54E1BB01-2C69-5AFD-A23D-9783C9D9FC4C *EXPLOIT* | EXPLOITPACK:98FE96309F9524B8C84C508837551A19 5.8 https://vulners.com/exploitpack/EXPLOITPACK:98FE96309F9524B8C84C508837551A19 *EXPLOIT* | EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97 5.8 https://vulners.com/exploitpack/EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97 *EXPLOIT* | 1337DAY-ID-32328 5.8 https://vulners.com/zdt/1337DAY-ID-32328*EXPLOIT* | 1337DAY-ID-32009 5.8 https://vulners.com/zdt/1337DAY-ID-32009*EXPLOIT* | SSV:91041 5.5 https://vulners.com/seebug/SSV:91041 *EXPLOIT* | PACKETSTORM:140019 5.5 https://vulners.com/packetstorm/PACKETSTORM:140019 *EXPLOIT* | PACKETSTORM:136251 5.5 https://vulners.com/packetstorm/PACKETSTORM:136251 *EXPLOIT* | PACKETSTORM:136234 5.5 https://vulners.com/packetstorm/PACKETSTORM:136234 *EXPLOIT* | EXPLOITPACK:F92411A645D85F05BDBD274FD222226F 5.5 https://vulners.com/exploitpack/EXPLOITPACK:F92411A645D85F05BDBD274FD222226F *EXPLOIT* | EXPLOITPACK:9F2E746846C3C623A27A441281EAD138 5.5 https://vulners.com/exploitpack/EXPLOITPACK:9F2E746846C3C623A27A441281EAD138 *EXPLOIT* | EXPLOITPACK:1902C998CBF9154396911926B4C3B330 5.5 https://vulners.com/exploitpack/EXPLOITPACK:1902C998CBF9154396911926B4C3B330 *EXPLOIT* | CVE-2016-10011 5.5 https://vulners.com/cve/CVE-2016-10011 | 1337DAY-ID-25388 5.5 https://vulners.com/zdt/1337DAY-ID-25388*EXPLOIT* | EDB-ID:45939 5.3 https://vulners.com/exploitdb/EDB-ID:45939 *EXPLOIT* | EDB-ID:45233 5.3 https://vulners.com/exploitdb/EDB-ID:45233 *EXPLOIT* | CVE-2018-20685 5.3 https://vulners.com/cve/CVE-2018-20685 | CVE-2018-15919 5.3 https://vulners.com/cve/CVE-2018-15919 | CVE-2018-15473 5.3 https://vulners.com/cve/CVE-2018-15473 | CVE-2017-15906 5.3 https://vulners.com/cve/CVE-2017-15906 |", "creation_timestamp": "2025-04-01T08:49:50.000000Z"}, {"uuid": "6d43f33c-abc8-4641-8709-e410c35941b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "published-proof-of-concept", "source": "https://t.me/MalaysiaHacktivistz/2961", "content": "https://vulners.com/githubexploit/C94132FD-1FA5-5342-B6EE-0DAF45EEFFE3 *EXPLOIT* | 1337DAY-ID-39918 6.8 https://vulners.com/zdt/1337DAY-ID-39918*EXPLOIT* | 10213DBE-F683-58BB-B6D3-353173626207 6.8 https://vulners.com/githubexploit/10213DBE-F683-58BB-B6D3-353173626207 *EXPLOIT* | CVE-2023-51385 6.5 https://vulners.com/cve/CVE-2023-51385 | EDB-ID:40858 6.4 https://vulners.com/exploitdb/EDB-ID:40858 *EXPLOIT* | EDB-ID:40119 6.4 https://vulners.com/exploitdb/EDB-ID:40119 *EXPLOIT* | EDB-ID:39569 6.4 https://vulners.com/exploitdb/EDB-ID:39569 *EXPLOIT* | CVE-2016-3115 6.4 https://vulners.com/cve/CVE-2016-3115 | PACKETSTORM:181223 5.9 https://vulners.com/packetstorm/PACKETSTORM:181223 *EXPLOIT* | MSF:AUXILIARY-SCANNER-SSH-SSH_ENUMUSERS- 5.9 https://vulners.com/metasploit/MSF:AUXILIARY-SCANNER-SSH-SSH_ENUMUSERS- *EXPLOIT* | EDB-ID:40136 5.9 https://vulners.com/exploitdb/EDB-ID:40136 *EXPLOIT* | EDB-ID:40113 5.9 https://vulners.com/exploitdb/EDB-ID:40113 *EXPLOIT* | CVE-2023-48795 5.9 https://vulners.com/cve/CVE-2023-48795 | CVE-2020-14145 5.9 https://vulners.com/cve/CVE-2020-14145 | CVE-2019-6111 5.9 https://vulners.com/cve/CVE-2019-6111 | CVE-2016-6210 5.9 https://vulners.com/cve/CVE-2016-6210 | 54E1BB01-2C69-5AFD-A23D-9783C9D9FC4C 5.9 https://vulners.com/githubexploit/54E1BB01-2C69-5AFD-A23D-9783C9D9FC4C *EXPLOIT* | EXPLOITPACK:98FE96309F9524B8C84C508837551A19 5.8 https://vulners.com/exploitpack/EXPLOITPACK:98FE96309F9524B8C84C508837551A19 *EXPLOIT* | EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97 5.8 https://vulners.com/exploitpack/EXPLOITPACK:5330EA02EBDE345BFC9D6DDDD97F9E97 *EXPLOIT* | 1337DAY-ID-32328 5.8 https://vulners.com/zdt/1337DAY-ID-32328*EXPLOIT* | 1337DAY-ID-32009 5.8 https://vulners.com/zdt/1337DAY-ID-32009*EXPLOIT* | SSV:91041 5.5 https://vulners.com/seebug/SSV:91041 *EXPLOIT* | PACKETSTORM:140019 5.5 https://vulners.com/packetstorm/PACKETSTORM:140019 *EXPLOIT* | PACKETSTORM:136251 5.5 https://vulners.com/packetstorm/PACKETSTORM:136251 *EXPLOIT* | PACKETSTORM:136234 5.5 https://vulners.com/packetstorm/PACKETSTORM:136234 *EXPLOIT* | EXPLOITPACK:F92411A645D85F05BDBD274FD222226F 5.5 https://vulners.com/exploitpack/EXPLOITPACK:F92411A645D85F05BDBD274FD222226F *EXPLOIT* | EXPLOITPACK:9F2E746846C3C623A27A441281EAD138 5.5 https://vulners.com/exploitpack/EXPLOITPACK:9F2E746846C3C623A27A441281EAD138 *EXPLOIT* | EXPLOITPACK:1902C998CBF9154396911926B4C3B330 5.5 https://vulners.com/exploitpack/EXPLOITPACK:1902C998CBF9154396911926B4C3B330 *EXPLOIT* | CVE-2016-10011 5.5 https://vulners.com/cve/CVE-2016-10011 | 1337DAY-ID-25388 5.5 https://vulners.com/zdt/1337DAY-ID-25388*EXPLOIT* | EDB-ID:45939 5.3 https://vulners.com/exploitdb/EDB-ID:45939 *EXPLOIT* | EDB-ID:45233 5.3 https://vulners.com/exploitdb/EDB-ID:45233 *EXPLOIT* | CVE-2018-20685 5.3 https://vulners.com/cve/CVE-2018-20685 | CVE-2018-15919 5.3 https://vulners.com/cve/CVE-2018-15919 | CVE-2018-15473 5.3 https://vulners.com/cve/CVE-2018-15473 | CVE-2017-15906 5.3 https://vulners.com/cve/CVE-2017-15906 |", "creation_timestamp": "2025-04-01T08:49:50.000000Z"}, {"uuid": "764d3379-d944-4945-9d30-7f6dbdc225a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "Telegram/eHFsan1m1sbQ7WGhWquYDZEyTPqYuvjFlFdG01P5qU4UKPM", "content": "", "creation_timestamp": "2022-06-01T15:37:55.000000Z"}, {"uuid": "ca6a8334-d4e7-4779-92d9-f9875c9a0938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "Telegram/4r-JmUDZNqxxvmdkoRHwGE8rl_froMteEwJChso0bxMoyLA", "content": "", "creation_timestamp": "2022-06-13T11:09:08.000000Z"}, {"uuid": "87a6dfd5-534e-4f2a-968f-00138075ab99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "https://t.me/cibsecurity/24123", "content": "\u203c CVE-2020-36254 \u203c\n\nscp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-25T12:37:38.000000Z"}, {"uuid": "dac152b7-a6a1-447c-a9a9-9325b2eac7d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "Telegram/2G0LL9YDDO0dQKSo5p4zQWAL-pbipATIxiBPSKqKsYKP6RG0", "content": "", "creation_timestamp": "2024-07-01T14:30:24.000000Z"}, {"uuid": "d5dab10e-f217-4a62-bcb8-6fc21992eab8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "https://t.me/cibsecurity/22957", "content": "\u203c CVE-2019-25018 \u203c\n\nIn the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-02T20:33:49.000000Z"}, {"uuid": "b247280a-d04a-4045-8388-38a423d97e8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-20685", "type": "seen", "source": "https://t.me/VulnerabilityNews/20048", "content": "In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.\nPublished at: February 02, 2021 at 07:15PM\nView on website", "creation_timestamp": "2021-02-02T20:46:11.000000Z"}]}