CVE-2023-35812

CVSS 5.3 · Medium EPSS 0.14% · P33 Updated Mar 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-35812

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, because of an incomplete fix for CVE-2019-6111 within these specific packages. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used, there is no verification that the name of a file received by the client matches the file requested. Fixed packages are available with numbers 7.4p1-22.78.amzn1 and 7.4p1-22.amzn2.0.2.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenSSH 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenSSH（OpenBSD Secure Shell）是加拿大OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现，支持对所有的传输进行加密，可有效阻止窃听、连接劫持以及其他网络级的攻击。 Amazon Linux 1和2 的 OpenSSH 7.4版本存在安全漏洞，该漏洞源于在使用相对路径时，不会验证客户端接收到的文件名是否与请求的文件匹配。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2023-35812

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-35812

请登录查看更多情报信息。

Same Patch Batch · n/a · 2024-04-03 · 36 CVEs total

CVE-2024-28219	6.7 MEDIUM	Pillow 安全漏洞
CVE-2024-3270	3.8 LOW	ThingsBoard AdvancedFeature access control
CVE-2024-29413		Webasyst 跨站脚本漏洞
CVE-2024-27706		Huly Platform 跨站脚本漏洞
CVE-2024-27705		Leantime Systems Leantime 跨站脚本漏洞
CVE-2023-52043		D-Link COVR 多款产品安全漏洞
CVE-2024-27674		Macro Expert 安全漏洞
CVE-2023-45552		VeridiumID 安全漏洞
CVE-2023-44040		VeridiumID 安全漏洞
CVE-2023-44039		VeridiumID 安全漏洞
CVE-2023-44038		VeridiumID 安全漏洞
CVE-2024-28275		Puwell Cloud Tech 360Eyes Pro 安全漏洞
CVE-2024-30572		Netgear R6850 安全漏洞
CVE-2024-30571		Netgear R6850 安全漏洞
CVE-2024-30570		Netgear R6850 安全漏洞
CVE-2024-30569		Netgear R6850 安全漏洞
CVE-2024-30568		NETGEAR R6850 安全漏洞
CVE-2024-28589		Axigen 安全漏洞
CVE-2024-31013		emlog 安全漏洞
CVE-2024-28755		Mbed TLS 安全漏洞

Showing top 20 of 36 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2023-35812

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-35812

I. Basic Information for CVE-2023-35812

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-35812

III. Intelligence Information for CVE-2023-35812

Same Patch Batch · n/a · 2024-04-03 · 36 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-35812

Leave a comment