
CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information • CWE-354: Improper Validation of Integrity Check Value •

CVE-2022-27966
https://notcve.org/view.php?id=CVE-2022-27966
31 Mar 2022 — Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. • https://github.com/ycdxsb/Vuln/blob/main/NetSarang-CreateProcessW-Misuse-Binary-Hijack/Xshell-CreateProcessW-Misuse-Binary-Hijack • CWE-428: Unquoted Search Path or Element •

CVE-2021-42095
https://notcve.org/view.php?id=CVE-2021-42095
07 Oct 2021 — Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. • https://www.netsarang.com/en/xshell-update-history •

CVE-2021-37326
https://notcve.org/view.php?id=CVE-2021-37326
15 Aug 2021 — NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. • https://www.netsarang.com/en/xshell-update-history • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •