Xshell
by Netsarang
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-20203 | Cri | 0.61 | — | 0.01 | Oct 9, 2025 | NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a… | ||
| CVE-2023-48795 | Med | 0.39 | 5.9 | 0.93 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently… | ||
| CVE-2021-42095 | 0.00 | — | 0.01 | Oct 7, 2021 | Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | |||
| CVE-2021-37326 | 0.00 | — | 0.01 | Aug 15, 2021 | NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. |
- risk 0.61cvss —epss 0.01
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a…
- risk 0.39cvss 5.9epss 0.93
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently…
- CVE-2021-42095Oct 7, 2021risk 0.00cvss —epss 0.01
Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar.
- CVE-2021-37326Aug 15, 2021risk 0.00cvss —epss 0.01
NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations.