
CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information • CWE-354: Improper Validation of Integrity Check Value

CVE-2022-33035
https://notcve.org/view.php?id=CVE-2022-33035
29 Jun 2022 — XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. • https://github.com/ycdxsb/Vuln/blob/main/Xlpd-Unquoted-Service-Path/XLpd-Unquoted-Service-Path.md • CWE-427: Uncontrolled Search Path Element

CVE-2022-27966
https://notcve.org/view.php?id=CVE-2022-27966
31 Mar 2022 — Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. • https://github.com/ycdxsb/Vuln/blob/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xshell-CreateProcessW-Misuse-Binary-Hijack • CWE-428: Unquoted Search Path or Element

CVE-2022-27964
https://notcve.org/view.php?id=CVE-2022-27964
31 Mar 2022 — Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. • https://github.com/ycdxsb/Vuln/blob/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xmanager-CreateProcessW-Misuse-Binary-Hijack • CWE-428: Unquoted Search Path or Element

CVE-2022-27965
https://notcve.org/view.php?id=CVE-2022-27965
31 Mar 2022 — Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. • https://github.com/ycdxsb/Vuln/tree/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xlpd-CreateProcessW-Misuse-Binary-Hijack • CWE-428: Unquoted Search Path or Element

CVE-2022-27963
https://notcve.org/view.php?id=CVE-2022-27963
31 Mar 2022 — Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. • https://github.com/ycdxsb/Vuln/tree/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xftp-CreateProcessW-Misuse-Binary-Hijack • CWE-428: Unquoted Search Path or Element

CVE-2021-42095
https://notcve.org/view.php?id=CVE-2021-42095
07 Oct 2021 — Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. • https://www.netsarang.com/en/xshell-update-history

CVE-2021-37326
https://notcve.org/view.php?id=CVE-2021-37326
15 Aug 2021 — NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. • https://www.netsarang.com/en/xshell-update-history • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2019-17320
https://notcve.org/view.php?id=CVE-2019-17320
10 Oct 2019 — NetSarang XFTP Client 6.0149 and earlier versions contain a buffer overflow vulnerability caused by improper boundary checks when copying a file name from an attacker-controlled FTP server. This allows an attacker to execute arbitrary code by sending a crafted filename. • https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35160 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2012-1009 – NetSarang Xlpd Printer Daemon 4 - Denial of Service
https://notcve.org/view.php?id=CVE-2012-1009
14 Feb 2012 — NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request. • https://www.exploit-db.com/exploits/18454