Netsarang
Products
6- 5 CVEs
- 5 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-17320 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2019 | NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename. | ||
| CVE-2017-20203 | Cri | 0.60 | — | 0.01 | Oct 9, 2025 | NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a… | ||
| CVE-2022-33035 | Hig | 0.51 | 7.8 | 0.00 | Jun 29, 2022 | XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | ||
| CVE-2021-42095 | Hig | 0.49 | 7.5 | 0.01 | Oct 7, 2021 | Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar. | ||
| CVE-2022-27966 | Med | 0.42 | 6.5 | 0.00 | Mar 31, 2022 | Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | ||
| CVE-2022-27965 | Med | 0.42 | 6.5 | 0.00 | Mar 31, 2022 | Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | ||
| CVE-2022-27964 | Med | 0.42 | 6.5 | 0.00 | Mar 31, 2022 | Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | ||
| CVE-2022-27963 | Med | 0.42 | 6.5 | 0.00 | Mar 31, 2022 | Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file. | ||
| CVE-2023-48795 | Med | 0.39 | 5.9 | 0.93 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently… | ||
| CVE-2021-37326 | Med | 0.35 | 5.3 | 0.01 | Aug 15, 2021 | NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations. | ||
| CVE-2012-1009 | 0.03 | — | 0.03 | Feb 14, 2012 | NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request. | |||
| CVE-2006-0148 | 0.00 | — | 0.02 | Jan 9, 2006 | NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. |
- risk 0.64cvss 9.8epss 0.02
NetSarang XFTP Client 6.0149 and earlier version contains a buffer overflow vulnerability caused by improper boundary checks when copying file name from an attacker controlled FTP server. That leads attacker to execute arbitrary code by sending a crafted filename.
- risk 0.60cvss —epss 0.01
NetSarang Xmanager Enterprise 5.0 Build 1232, Xmanager 5.0 Build 1045, Xshell 5.0 Build 1322, Xftp 5.0 Build 1218, and Xlpd 5.0 Build 1220 contain a malicious nssock2.dll that implements a multi-stage, DNS-based backdoor. The dormant library contacts a C2 DNS server via a…
- risk 0.51cvss 7.8epss 0.00
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
- risk 0.49cvss 7.5epss 0.01
Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar.
- risk 0.42cvss 6.5epss 0.00
Xshell v7.0.0099 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
- risk 0.42cvss 6.5epss 0.00
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
- risk 0.42cvss 6.5epss 0.00
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
- risk 0.42cvss 6.5epss 0.00
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.
- risk 0.39cvss 5.9epss 0.93
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently…
- risk 0.35cvss 5.3epss 0.01
NetSarang Xshell 7 before Build 0077 includes unintended code strings in paste operations.
- CVE-2012-1009Feb 14, 2012risk 0.03cvss —epss 0.03
NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 allow remote attackers to cause a denial of service (daemon crash) via a malformed LPD request.
- CVE-2006-0148Jan 9, 2006risk 0.00cvss —epss 0.02
NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address.