MobaXterm
by MobaXterm
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38337 | Cri | 0.59 | 9.1 | 0.01 | Dec 6, 2022 | When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used. | ||
| CVE-2019-16305 | Hig | 0.58 | 8.8 | 0.07 | Sep 14, 2019 | In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also… | ||
| CVE-2019-13475 | Hig | 0.58 | 8.8 | 0.04 | Jul 9, 2019 | In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject… | ||
| CVE-2024-48200 | Hig | 0.55 | 8.4 | 0.00 | Oct 31, 2024 | An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe) | ||
| CVE-2022-38336 | Hig | 0.53 | 8.1 | 0.01 | Dec 6, 2022 | An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. | ||
| CVE-2021-28847 | Hig | 0.49 | 7.5 | 0.01 | Jun 3, 2021 | MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. |
- risk 0.59cvss 9.1epss 0.01
When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.
- risk 0.58cvss 8.8epss 0.07
In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also…
- risk 0.58cvss 8.8epss 0.04
In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute arbitrary commands when the user visits a specially crafted URL. Based on the available command-line arguments of the software, one can simply inject…
- risk 0.55cvss 8.4epss 0.00
An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI is spawning one Administrative cmd (conhost.exe)
- risk 0.53cvss 8.1epss 0.01
An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication.
- risk 0.49cvss 7.5epss 0.01
MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.