Aggregates CVE and security vulnerability intelligence across all netsarang-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk buffer overflow and vendor risk path handling, with potential vendor impact application crash and vendor impact memory corruption across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-48795 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the ha | [email protected] | 5.9 | 93.31% | 2023-12-18 | 2026-05-12 |
| CVE-2022-33035 | XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | [email protected] | 7.8 | 0.36% | 2022-06-29 | 2024-11-21 |
| CVE-2022-27966 | Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2024-11-21 |
| CVE-2022-27965 | Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2024-11-21 |
| CVE-2022-27964 | Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2024-11-21 |
| CVE-2022-27963 | Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.42% | 2022-03-31 | 2024-11-21 |
| CVE-2021-42095 | Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | [email protected] | 7.5 | 0.93% | 2021-10-07 | 2024-11-21 |
| CVE-2021-37326 | NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. | [email protected] | 5.3 | 0.79% | 2021-08-15 | 2024-11-21 |
| CVE-2019-17320 | NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename. | [email protected] | 9.8 | 2.18% | 2019-10-10 | 2024-11-21 |
| CVE-2012-1009 | NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request. | [email protected] | 5.0 | 3.01% | 2012-02-14 | 2026-04-29 |
| CVE-2006-0148 | NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. | [email protected] | 5.0 | 1.60% | 2006-01-09 | 2026-04-16 |