A flaw was found with the libssh API function ssh_scp_new(). A user able to connect to a server using SCP could execute arbitrary command using a user-provided path, leading to a compromise of the remote target.

References

bugzilla.redhat.com/show_bug.cgi?id=1772523

nvd.nist.gov/vuln/detail/CVE-2019-14889

www.cve.org/CVERecord?id=CVE-2019-14889

www.libssh.org/security/advisories/CVE-2019-14889.txt

openvas 21

nessus 28

altlinux 2

fedora 2

osv 4

nvd 1

gentoo 1

suse 2

ubuntucve 1

mageia 1

debian 2

alpinelinux 1

cve 1

prion 1

debiancve 1

cvelist 1

veracode 1

freebsd 1

ubuntu 1

almalinux 1

redhat 15

rocky 1

oraclelinux 1

ibm 1

oracle 1

openvas

SUSE: Security Advisory (SUSE-SU-2019:3307-1)

2021-04-19 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:0139-1)

2021-04-19 00:00:00

Fedora Update for libssh FEDORA-2019-8b0ad69829

2020-01-09 00:00:00

nessus

EulerOS Virtualization for ARM 64 3.0.6.0 : libssh (EulerOS-SA-2020-1332)

2020-04-02 00:00:00

SUSE SLED15 / SLES15 Security Update : libssh (SUSE-SU-2020:0130-1)

2020-01-21 00:00:00

SUSE SLES12 Security Update : libssh (SUSE-SU-2019:3307-1)

2019-12-17 00:00:00

altlinux

Security fix for the ALT Linux 8 package libssh version 0.8.8-alt1

2020-03-13 00:00:00

Security fix for the ALT Linux 9 package libssh version 0.9.3-alt1

2019-12-14 00:00:00

fedora

[SECURITY] Fedora 31 Update: libssh-0.9.3-1.fc31

2019-12-18 01:56:36

[SECURITY] Fedora 30 Update: libssh-0.9.3-1.fc30

2020-01-03 20:36:26

osv

CVE-2019-14889

2019-12-10 23:15:10

libssh - security update

2019-12-17 00:00:00

Moderate: libssh security, bug fix, and enhancement update

2020-11-03 12:14:19

nvd

CVE-2019-14889

2019-12-10 23:15:10

gentoo

libssh: Arbitrary command execution

2020-03-15 00:00:00

suse

Security update for libssh (important)

2020-01-25 00:00:00

Security update for libssh (important)

2019-12-17 00:00:00

ubuntucve

CVE-2019-14889

2019-12-10 00:00:00

mageia

Updated libssh packages fix security vulnerability

2019-12-19 16:44:26

debian

[SECURITY] [DLA 2038-1] libssh security update

2019-12-17 12:42:41

[SECURITY] [DLA 3437-1] libssh security update

2023-05-29 22:01:33

alpinelinux

CVE-2019-14889

2019-12-10 23:15:10

cve

CVE-2019-14889

2019-12-10 23:15:10

prion

Command injection

2019-12-10 23:15:00

debiancve

CVE-2019-14889

2019-12-10 23:15:10

cvelist

CVE-2019-14889

2019-12-10 00:00:00

veracode

Arbitrary Code Execution

2019-12-11 04:07:33

freebsd

libssh -- Unsanitized location in scp could lead to unwanted command execution

2019-11-14 00:00:00

ubuntu

libssh vulnerability

2019-12-10 00:00:00

almalinux

Moderate: libssh security, bug fix, and enhancement update

2020-11-03 12:14:19

redhat

(RHSA-2020:4545) Moderate: libssh security, bug fix, and enhancement update

2020-11-03 12:14:19

(RHSA-2021:0146) Moderate: Release of OpenShift Serverless 1.12.0

2021-01-14 13:24:22

(RHSA-2021:2021) Moderate: Release of OpenShift Serverless 1.10.2 security update

2021-05-19 02:03:59

rocky

libssh security, bug fix, and enhancement update

2020-11-03 12:14:19

oraclelinux

libssh security, bug fix, and enhancement update

2020-11-10 00:00:00

ibm

Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

2021-12-03 18:52:37

oracle

Oracle Critical Patch Update Advisory - April 2020

2020-04-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.007 Low

EPSS

Percentile

80.7%

JSON

Related for RH:CVE-2019-14889