Mobaxterm@* Security Vulnerabilities and Issues — Mobaxterm@* CVE List

Lucene search

MobatekMobaxterm*

4 matches found

CVE•added 2022/12/06 12:15 a.m.•70 views

CVE-2022-38337

When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. The server treats this as an invalid login attempt which can result in a Denial of Service (DoS) for the user if services like fail2ban are used.

9.1CVSS9.1AI score0.00178EPSS

CVE•added 2022/12/06 12:15 a.m.•68 views

CVE-2022-38336

An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication.

8.1CVSS7.9AI score0.00082EPSS

CVE•added 2015/11/04 3:59 a.m.•41 views

CVE-2015-7244

The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets.

7.5CVSS7.7AI score0.05175EPSS

CVE•added 2021/06/03 11:15 a.m.•32 views

CVE-2021-28847

MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.

7.5CVSS7.4AI score0.00467EPSS