彙總 netsarang 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 緩衝區溢位與路徑處理缺陷,在 軟體部署與生產負載 使用場景中可能帶來 應用程式崩潰、記憶體損壞與檔案覆寫 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2017-20203 | NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a specially crafted TXT record for a month‑generated domain. After receiving a decryption key, it then downloads and executes arbitrary code, creates an encrypted virtual file system (VFS) in the registry, and grants the attacker | [email protected] | 9.3 | 0.61% | 2025-10-09 | 2026-06-16 |
| CVE-2023-48795 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the ha | [email protected] | 5.9 | 93.78% | 2023-12-18 | 2026-06-17 |
| CVE-2022-33035 | XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | [email protected] | 7.8 | 0.36% | 2022-06-29 | 2026-06-17 |
| CVE-2022-27966 | Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2026-06-17 |
| CVE-2022-27965 | Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2026-06-17 |
| CVE-2022-27964 | Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.45% | 2022-03-31 | 2026-06-17 |
| CVE-2022-27963 | Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | [email protected] | 6.5 | 0.42% | 2022-03-31 | 2026-06-17 |
| CVE-2021-42095 | Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | [email protected] | 7.5 | 0.93% | 2021-10-07 | 2026-06-17 |
| CVE-2021-37326 | NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. | [email protected] | 5.3 | 0.79% | 2021-08-15 | 2026-06-17 |
| CVE-2019-17320 | NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename. | [email protected] | 9.8 | 2.18% | 2019-10-10 | 2026-06-16 |
| CVE-2012-1009 | NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request. | [email protected] | 5.0 | 3.01% | 2012-02-14 | 2026-06-16 |
| CVE-2006-0148 | NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. | [email protected] | 5.0 | 1.60% | 2006-01-09 | 2026-06-16 |