CVSS: 5.9EPSS: 67%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 10.0EPSS: 14%CPEs: 6EXPL: 2CVE-2020-12651 – SecureCRT Memory Corruption
https://notcve.org/view.php?id=CVE-2020-12651
15 May 2020 — SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. SecureCRT versiones anteriores a 8.7.2, permite a atacantes remotos ejecutar código arbitrario por medio de un Desbordamiento de Enteros y un desbordamiento del búfer porque una bandera puede activar un número de línea en las funciones CSI que exceden a INT_MAX. SecureCRT suffers from a memory corruption vulne... • https://packetstorm.news/files/id/157718 • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 3%CPEs: 23EXPL: 0CVE-2006-1038
https://notcve.org/view.php?id=CVE-2006-1038
07 Mar 2006 — Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string. • http://secunia.com/advisories/19040 •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2004-1541
https://notcve.org/view.php?id=CVE-2004-1541
31 Dec 2004 — SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share. • http://marc.info/?l=bugtraq&m=110129164332226&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2003-0047
https://notcve.org/view.php?id=CVE-2003-0047
01 Feb 2003 — SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. Los clientes SSH2 de VanDyke SecureCRT 4.0.2 y 3.4.5, SecureFX 2.1.2 y 2.0.4, y Entunnel 1.02 y anteriores, no borran los credenciales de inicio de sesión de memoria, incluyendo contraseñas en texto claro, lo que podría permitir a atac... • http://marc.info/?l=bugtraq&m=104386492422014&w=2 •
CVSS: 9.8EPSS: 71%CPEs: 19EXPL: 4CVE-2002-1059 – SecureCRT 2.4/3.x/4.0 - SSH1 Identifier String Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1059
04 Oct 2002 — Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string. • https://www.exploit-db.com/exploits/21634 •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0CVE-2001-1466
https://notcve.org/view.php?id=CVE-2001-1466
30 Dec 2001 — Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password. • http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0967.html •