Vulnerabilities > Netsarang
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-48795 | Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead 9bis gentoo fedoraproject debian apple CWE-354 | 5.9 |
| 2022-06-29 | CVE-2022-33035 | Uncontrolled Search Path Element vulnerability in Netsarang Xlpd 7.0.0094 XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | 7.8 |
| 2022-03-31 | CVE-2022-27963 | Unquoted Search Path or Element vulnerability in Netsarang Xftp Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | 6.5 |
| 2022-03-31 | CVE-2022-27964 | Unquoted Search Path or Element vulnerability in Netsarang Xmanager 3.0.127/3.0.218/4.0.165 Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | 6.5 |
| 2022-03-31 | CVE-2022-27965 | Unquoted Search Path or Element vulnerability in Netsarang Xlpd 7.0.0094 Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | 6.5 |
| 2022-03-31 | CVE-2022-27966 | Unquoted Search Path or Element vulnerability in Netsarang Xshell 7 Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | 6.5 |
| 2021-10-07 | CVE-2021-42095 | Unspecified vulnerability in Netsarang Xshell 7 Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | 7.5 |
| 2021-08-15 | CVE-2021-37326 | Information Exposure vulnerability in Netsarang Xshell 7 NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. | 5.3 |
| 2019-10-10 | CVE-2019-17320 | Classic Buffer Overflow vulnerability in Netsarang Xftp NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. | 9.8 |