Vulnerabilities (CVE)

Vendor filter: Putty

10 total CVE
| CVE | Vendors | Products | Updated | CVSS | Description |
|---|---|---|---|---|---|
| CVE-2019-17069 | 2 (Putty, Opensuse) | 2 (Putty, Leap) | 2019-10-08 | 5.0 | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. |
| CVE-2019-17068 | 2 (Putty, Opensuse) | 2 (Putty, Leap) | 2019-10-08 | 5.0 | PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. |
| CVE-2019-9894 | 5 (Putty, Fedoraproject, Netapp and 2 more) | 5 (Putty, Fedora, Oncommand Unified Manager and 2 more) | 2019-04-26 | 6.4 | A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. |
| CVE-2019-9897 | 5 (Putty, Fedoraproject, Netapp and 2 more) | 5 (Putty, Fedora, Oncommand Unified Manager and 2 more) | 2019-04-26 | 5.0 | Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. |
| CVE-2019-9896 | 1 (Putty) | 1 (Putty) | 2019-03-21 | 4.6 | In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. |
| CVE-2013-4207 | 2 (Simon Tatham, Putty) | 2 (Putty, Putty) | 2019-03-21 | 4.3 | Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a... |
| CVE-2013-4852 | 6 (Debian, Simon Tatham, Novell and 3 more) | 6 (Debian Linux, Winscp, Putty and 3 more) | 2019-03-21 | 6.8 | Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a... |
| CVE-2013-4206 | 2 (Simon Tatham, Putty) | 2 (Putty, Putty) | 2019-03-21 | 6.8 | Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not... |
| CVE-2003-0048 | 1 (Putty) | 1 (Putty) | 2016-10-18 | 4.6 | PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. |
| CVE-2000-0476 | 4 (Rxvt, Putty, Xfree86 Project and 1 more) | 4 (Rxvt, Putty, Eterm and 1 more) | 2008-09-10 | 5.0 | xterm, Eterm, and rxvt allow an attacker to cause a denial of service by embedding certain escape characters which force the window to be resized. |