CVSS: 5.9EPSS: 95%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 3CVE-2023-43177 – CrushFTP Remote Code Execution
https://notcve.org/view.php?id=CVE-2023-43177
17 Nov 2023 — CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. CrushFTP anterior a 10.5.1 es vulnerable a modificaciones controladas incorrectamente de atributos de objetos determinados dinámicamente. • https://packetstorm.news/files/id/178067 • CWE-913: Improper Control of Dynamically-Managed Code Resources •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18288
https://notcve.org/view.php?id=CVE-2018-18288
26 Dec 2019 — CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection. CrushFTP versiones hasta 8.3.0 es vulnerable al robo de credenciales por medio del redireccionamiento de la URL. • https://www.crushftp.com/version8_build.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-14037
https://notcve.org/view.php?id=CVE-2017-14037
30 Aug 2017 — CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. CrushFTP en versiones anteriores a la 7.8.0 y 8.x anteriores a la 8.2.0 tiene una vulnerabilidad de cabeceras HTTP. • https://crushftp.com/version7.html • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-14035
https://notcve.org/view.php?id=CVE-2017-14035
30 Aug 2017 — CrushFTP 8.x before 8.2.0 has a serialization vulnerability. CrushFTP en versiones 8.x anteriores a la 8.2.0 tiene una vulnerabilidad de serialización. • https://crushftp.com/version8.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-14036
https://notcve.org/view.php?id=CVE-2017-14036
30 Aug 2017 — CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. CrushFTP en versiones anteriores a la 7.8.0 y 8.x anteriores a la 8.2.0 tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS). • https://crushftp.com/version7.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-14038
https://notcve.org/view.php?id=CVE-2017-14038
30 Aug 2017 — CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. CrushFTP en versiones anteriores a la 7.8.0 y 8.x anteriores a la 8.2.0 tiene una vulnerabilidad de redirección. • https://crushftp.com/version7.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •