CVSS: 5.9EPSS: 95%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 2CVE-2020-12651 – SecureCRT Memory Corruption
https://notcve.org/view.php?id=CVE-2020-12651
15 May 2020 — SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. SecureCRT versiones anteriores a 8.7.2, permite a atacantes remotos ejecutar código arbitrario por medio de un Desbordamiento de Enteros y un desbordamiento del búfer porque una bandera puede activar un número de línea en las funciones CSI que exceden a INT_MAX. SecureCRT suffers from a memory corruption vulne... • https://packetstorm.news/files/id/157718 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 19%CPEs: 19EXPL: 4CVE-2002-1059 – SecureCRT 2.4/3.x/4.0 - SSH1 Identifier String Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1059
04 Oct 2002 — Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string. • https://www.exploit-db.com/exploits/21634 •