netsarang 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには バッファオーバーフロー and パス処理の欠陥 があり、vendor surface software deployment and vendor surface production workloads の利用場面で アプリケーションクラッシュ、vendor impact memory corruption, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-48795 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the ha | [email protected] | 5.9 | 93.31% | 2023-12-18 | 2026-05-12 |
| CVE-2022-33035 | XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | [email protected] | 7.8 | 0.36% | 2022-06-29 | 2024-11-21 |
| CVE-2022-27966 | Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2024-11-21 |
| CVE-2022-27965 | Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2024-11-21 |
| CVE-2022-27964 | Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2024-11-21 |
| CVE-2022-27963 | Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.42% | 2022-03-31 | 2024-11-21 |
| CVE-2021-42095 | Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | [email protected] | 7.5 | 0.93% | 2021-10-07 | 2024-11-21 |
| CVE-2021-37326 | NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. | [email protected] | 5.3 | 0.79% | 2021-08-15 | 2024-11-21 |
| CVE-2019-17320 | NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename. | [email protected] | 9.8 | 2.18% | 2019-10-10 | 2024-11-21 |
| CVE-2012-1009 | NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request. | [email protected] | 5.0 | 3.01% | 2012-02-14 | 2026-04-29 |
| CVE-2006-0148 | NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. | [email protected] | 5.0 | 1.60% | 2006-01-09 | 2026-04-16 |