Known Vulnerabilities for products from Winscp
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Winscp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-3331 | WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL tha... | 9.8 - CRITICAL | 2021-01-27 | 2021-02-04 |
| CVE-2020-28864 | Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecifie... | 9.8 - CRITICAL | 2020-11-23 | 2020-12-02 |
| CVE-2019-6111 | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which f... | 5.9 - MEDIUM | 2019-01-31 | 2023-11-07 |
| CVE-2019-6110 | In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Mi... | 6.8 - MEDIUM | 2019-01-31 | 2023-02-23 |
| CVE-2019-6109 | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man... | 6.8 - MEDIUM | 2019-01-31 | 2023-11-07 |
| CVE-2018-20685 | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of ... | 5.3 - MEDIUM | 2019-01-10 | 2023-02-23 |
| CVE-2018-20684 | In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server... | 7.5 - HIGH | 2019-01-10 | 2020-01-15 |
| CVE-2014-2735 | WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject... | 5.8 - MEDIUM | 2014-04-22 | 2018-10-09 |
| CVE-2013-4852 | Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers ... | 6.8 - MEDIUM | 2013-08-19 | 2021-08-06 |
| CVE-2007-4909 | Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote serv... | 9.3 - HIGH | 2007-09-17 | 2018-10-15 |
| CVE-2006-3015 | Argument injection vulnerability in WinSCP 3.8.1 build 328 allows remote attackers to upload or download arbitrary files via ... | 7.1 - HIGH | 2006-06-14 | 2017-07-20 |
| CVE-2002-1360 | Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is speci... | 10 - HIGH | 2002-12-23 | 2017-10-11 |
| CVE-2002-1359 | Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to c... | 10 - HIGH | 2002-12-23 | 2017-10-11 |
| CVE-2002-1358 | Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attacke... | 10 - HIGH | 2002-12-23 | 2017-10-11 |
| CVE-2002-1357 | Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may... | 10 - HIGH | 2002-12-23 | 2017-10-11 |
Known software with vulnerabilities from Winscp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Winscp | Winscp | 2.0 |