Known Vulnerabilities for products from Winscp
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Winscp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-48795 json | 5.9 - MEDIUM | 2023-12-18 | 2024-03-13 | |
| CVE-2021-3331 json | WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL tha... | 9.8 - CRITICAL | 2021-01-27 | 2021-02-04 |
| CVE-2020-28864 json | Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecifie... | 9.8 - CRITICAL | 2020-11-23 | 2020-12-02 |
| CVE-2019-6111 json | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which f... | 5.9 - MEDIUM | 2019-01-31 | 2023-11-07 |
| CVE-2019-6110 json | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Mi... | 6.8 - MEDIUM | 2019-01-31 | 2023-02-23 |
| CVE-2019-6109 json | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man... | 6.8 - MEDIUM | 2019-01-31 | 2023-11-07 |
| CVE-2018-20685 json | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of ... | 5.3 - MEDIUM | 2019-01-10 | 2023-02-23 |
| CVE-2018-20684 json | In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server... | 7.5 - HIGH | 2019-01-10 | 2020-01-15 |
| CVE-2014-2735 json | WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject... | 5.8 - MEDIUM | 2014-04-22 | 2018-10-09 |
| CVE-2013-4852 json | Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers ... | 6.8 - MEDIUM | 2013-08-19 | 2021-08-06 |
| CVE-2007-4909 json | Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote serv... | 9.3 - HIGH | 2007-09-17 | 2018-10-15 |
| CVE-2006-3015 json | Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via ... | 7.1 - HIGH | 2006-06-14 | 2017-07-20 |
| CVE-2002-1360 json | Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is speci... | Not Provided | 2002-12-23 | 2025-04-03 |
| CVE-2002-1359 json | Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to c... | Not Provided | 2002-12-23 | 2025-04-03 |
| CVE-2002-1358 json | Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attacke... | Not Provided | 2002-12-23 | 2025-04-03 |
| CVE-2002-1357 json | Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may... | Not Provided | 2002-12-23 | 2025-04-03 |
Known software with vulnerabilities from Winscp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Winscp | Winscp | 2.0 |