Vulnerabilities (CVE)

Vendor filter: Winscp

Product filter: Winscp

13 total CVE
CVE | Vendors | Products | Updated | CVSS

CVE-2019-6110 | 3 Openbsd, Winscp, Netapp | 5 Openssh, Winscp, Element Software and 2 more | 2019-04-18 | 4.0
In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.

CVE-2019-6111 | 5 Openbsd, Winscp, Canonical and 2 more | 5 Openssh, Winscp, Ubuntu Linux and 2 more | 2019-04-18 | 5.8
An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name...

CVE-2019-6109 | 5 Openbsd, Winscp, Netapp and 2 more | 7 Openssh, Winscp, Element Software and 4 more | 2019-03-25 | 4.0
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control...

CVE-2018-20685 | 5 Openbsd, Netapp, Winscp and 2 more | 9 Openssh, Cloud Backup, Element Software and 6 more | 2019-03-25 | 2.6
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVE-2013-4852 | 6 Debian, Simon Tatham, Novell and 3 more | 6 Debian Linux, Winscp, Putty and 3 more | 2019-03-21 | 6.8
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a...

CVE-2018-20684 | 1 Winscp | 1 Winscp | 2019-03-07 | 6.4
In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp.

CVE-2007-4909 | 1 Winscp | 1 Winscp | 2018-10-15 | 9.3
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated...

CVE-2014-2735 | 1 Winscp | 1 Winscp | 2018-10-09 | 5.8
WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof...

CVE-2002-1360 | 7 Putty, Cisco, Intersoft and 4 more | 7 Shellguard Ssh, Ios, Securenetterm and 4 more | 2017-10-11 | 10.0
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary...

CVE-2002-1359 | 7 Putty, Cisco, Intersoft and 4 more | 7 Shellguard Ssh, Ios, Securenetterm and 4 more | 2017-10-11 | 10.0
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder...

CVE-2002-1358 | 7 Putty, Cisco, Intersoft and 4 more | 7 Shellguard Ssh, Ios, Securenetterm and 4 more | 2017-10-11 | 10.0
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.

CVE-2002-1357 | 7 Putty, Cisco, Intersoft and 4 more | 7 Shellguard Ssh, Ios, Securenetterm and 4 more | 2017-10-11 | 10.0
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder...

CVE-2006-3015 | 1 Winscp | 1 Winscp | 2017-07-20 | 7.1
Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via encoded spaces and double-quote characters in a scp or sftp URI.