OpenSSH has a vulnerability in the scp client utility. Due to accepting and displaying arbitrary stderr output from the scp server, a malicious server can manipulate the client output, for example to employ ANSI codes to hide additional files being transferred. https://nvd.nist.gov/vuln/detail/CVE-2019-6110