From 29496b43d5e7d0cb91b323389728252145bd80de Mon Sep 17 00:00:00 2001
From: Manfred Kaiser <37737811+manfred-kaiser@users.noreply.github.com>
Date: Thu, 27 Oct 2022 16:10:17 +0200
Subject: [PATCH] updated vulnerability database (#157)

* updated vulnerability database

* added info for CVE-2021-36367
---
 src/ssh_audit/versionvulnerabilitydb.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/ssh_audit/versionvulnerabilitydb.py b/src/ssh_audit/versionvulnerabilitydb.py
index a3095c4..82ed51d 100644
--- a/src/ssh_audit/versionvulnerabilitydb.py
+++ b/src/ssh_audit/versionvulnerabilitydb.py
@@ -35,6 +35,7 @@ class VersionVulnerabilityDB:  # pylint: disable=too-few-public-methods
     #             then affected = 1 + 4 = 5.
     CVE: Dict[str, List[List[Any]]] = {
         'Dropbear SSH': [
+            ['0.0', '2020.81', 2, 'CVE-2021-36369', 7.5, 'trivial authentication attack to bypass FIDO tokens and SSH-ASKPASS'],
             ['0.0', '2018.76', 1, 'CVE-2018-15599', 5.0, 'remote users may enumerate users on the system'],
             ['0.0', '2017.74', 5, 'CVE-2017-9079', 4.7, 'local users can read certain files as root'],
             ['0.0', '2017.74', 5, 'CVE-2017-9078', 9.3, 'local users may elevate privileges to root under certain conditions'],
@@ -67,6 +68,7 @@ class VersionVulnerabilityDB:  # pylint: disable=too-few-public-methods
             ['0.4.7', '0.5.2',  1, 'CVE-2012-4559', 6.8, 'cause DoS or execute arbitrary code (double free)']],
         'OpenSSH': [
             ['6.2',     '8.7',     5, 'CVE-2021-41617', 7.0, 'privilege escalation via supplemental groups'],
+            ['1.0',     '8.8',     2, 'CVE-2021-36368', 3.7, 'trivial authentication attack to bypass FIDO tokens and SSH-ASKPASS'],
             ['8.2',     '8.4',     2, 'CVE-2021-28041', 7.1, 'double free via ssh-agent'],
             ['1.0',     '8.3',     5, 'CVE-2020-15778', 7.8, 'command injection via anomalous argument transfers'],
             ['5.7',     '8.3',     2, 'CVE-2020-14145', 5.9, 'information leak via algorithm negotiation'],
@@ -138,6 +140,10 @@ class VersionVulnerabilityDB:  # pylint: disable=too-few-public-methods
             ['1.2.3',   '2.1.1',   1, 'CVE-2001-0361',  4.0, 'recover plaintext from ciphertext'],
             ['1.2',     '2.1',     1, 'CVE-2000-0525', 10.0, 'execute arbitrary code (improper privileges)']],
         'PuTTY': [
+            # info for CVE-2021-36367 - only PuTTY up to 0.71 is affected - see https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/reject-trivial-auth.html
+            ['0.0', '0.71', 2, 'CVE-2021-36367', 8.1, 'trivial authentication attack to bypass FIDO tokens and SSH-ASKPASS'],
+            ['0.0', '0.74', 2, 'CVE-2021-33500', 5.0, 'denial of service of the complete windows desktop'],
+            ['0.68', '0.73', 2, 'CVE-2020-14002', 4.3, 'Observable Discrepancy which allows man-in-the-middle attackers to target initial connection attempts'],
             ['0.54', '0.73', 2, 'CVE-2020-XXXX', 5.0, 'out of bounds memory read'],
             ['0.0', '0.72', 2, 'CVE-2019-17069', 5.0, 'potential DOS by remote SSHv1 server'],
             ['0.71', '0.72', 2, 'CVE-2019-17068', 5.0, 'xterm bracketed paste mode command injection'],