Van Dyke Technologies Securecrt vulnerabilities
5 known vulnerabilities affecting van_dyke_technologies/securecrt.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2002-1059P3HIGHCVSS 7.5PoCv2.4v3.0+17 more2002-10-04
CVE-2002-1059 [HIGH] CVE-2002-1059: Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an
Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.
nvd
CVE-2006-1038P3CRITICALCVSS 10.0v5.0v5.0.1+9 more2006-03-07
CVE-2006-1038 [CRITICAL] CVE-2006-1038: Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attacker
Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string.
nvd
CVE-2004-1541P4HIGHCVSS 7.5v4.0.1v4.0.2+12 more2004-12-31
CVE-2004-1541 [HIGH] CVE-2004-1541: SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary comman
SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share.
nvd
CVE-2001-1466P4HIGHCVSS 7.5≤ 3.4.12001-12-30
CVE-2001-1466 [HIGH] CVE-2001-1466: Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote atta
Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password.
nvd
CVE-2003-0047P4MEDIUMCVSS 4.6v3.4.7v4.0.22003-02-19
CVE-2003-0047 [MEDIUM] CVE-2003-0047: SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunn
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
nvd