Skip to main content

Winscp

8 CVEs product

Monthly

CVE-2023-48795 LIB MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js SSH Java +66
NVD GitHub
CVSS 3.1
5.9
EPSS
53.6%
Threat
4.3
CVE-2021-3331 CRITICAL PATCH Act Now

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Winscp
NVD GitHub
CVSS 3.1
9.8
EPSS
7.4%
CVE-2020-28864 CRITICAL Act Now

Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Winscp
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2019-6111 MEDIUM POC PATCH THREAT This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH Path Traversal Openssh Winscp Ubuntu Linux +16
NVD Exploit-DB
CVSS 3.1
5.9
EPSS
58.2%
CVE-2019-6110 MEDIUM POC PATCH THREAT This Month

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH RCE Openssh Winscp Element Software +4
NVD Exploit-DB
CVSS 3.1
6.8
EPSS
20.9%
CVE-2019-6109 MEDIUM PATCH This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh Winscp Ubuntu Linux +17
NVD VulDB
CVSS 3.1
6.8
EPSS
9.7%
CVE-2014-2735 MEDIUM This Month

WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Winscp
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2013-4852 MEDIUM This Month

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE Winscp Debian Linux +2
NVD
CVSS 2.0
6.8
EPSS
1.8%
EPSS 54% 4.3 CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js +68
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Winscp
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL Act Now

Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Winscp
NVD
EPSS 58% CVSS 5.9
MEDIUM POC PATCH THREAT This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH Path Traversal Openssh +18
NVD Exploit-DB
EPSS 21% CVSS 6.8
MEDIUM POC PATCH THREAT This Month

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

SSH RCE Openssh +6
NVD Exploit-DB
EPSS 10% CVSS 6.8
MEDIUM PATCH This Month

An issue was discovered in OpenSSH 7.9. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

SSH Information Disclosure Openssh +19
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Winscp
NVD VulDB
EPSS 2% CVSS 6.8
MEDIUM This Month

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service RCE +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy