汇总 netsarang 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 缓冲区溢出与路径处理缺陷,在 软件部署与生产负载 使用场景中可能带来 应用崩溃、内存损坏与文件覆盖 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2017-20203 | NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT record for a month‑generated domain. After receiving a decryption key, it then downloads and executes arbitrary code, creates an encrypted virtual file system (VFS) in the registry, and grants the attacker | [email protected] | 9.3 | 0.61% | 2025-10-09 | 2026-06-16 |
| CVE-2023-48795 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the ha | [email protected] | 5.9 | 93.31% | 2023-12-18 | 2026-06-17 |
| CVE-2022-33035 | XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | [email protected] | 7.8 | 0.36% | 2022-06-29 | 2026-06-17 |
| CVE-2022-27966 | Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2026-06-17 |
| CVE-2022-27965 | Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2026-06-17 |
| CVE-2022-27964 | Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2026-06-17 |
| CVE-2022-27963 | Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.42% | 2022-03-31 | 2026-06-17 |
| CVE-2021-42095 | Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | [email protected] | 7.5 | 0.93% | 2021-10-07 | 2026-06-17 |
| CVE-2021-37326 | NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. | [email protected] | 5.3 | 0.79% | 2021-08-15 | 2026-06-17 |
| CVE-2019-17320 | NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename. | [email protected] | 9.8 | 2.18% | 2019-10-10 | 2026-06-16 |
| CVE-2012-1009 | NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request. | [email protected] | 5.0 | 3.01% | 2012-02-14 | 2026-06-16 |
| CVE-2006-0148 | NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. | [email protected] | 5.0 | 1.60% | 2006-01-09 | 2026-06-16 |