Vulnerabilities (CVE)

Vendor filter

Putty Subscribe

Filter

26 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17067 1 Putty 1 Putty 2019-10-08 7.5
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.
CVE-2019-17069 2 Putty, Opensuse 2 Putty, Leap 2019-10-08 5.0
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
CVE-2019-17068 2 Putty, Opensuse 2 Putty, Leap 2019-10-08 5.0
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.
CVE-2019-9894 5 Putty, Fedoraproject, Netapp and 2 more 5 Putty, Fedora, Oncommand Unified Manager and 2 more 2019-04-26 6.4
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
CVE-2019-9897 5 Putty, Fedoraproject, Netapp and 2 more 5 Putty, Fedora, Oncommand Unified Manager and 2 more 2019-04-26 5.0
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
CVE-2019-9898 5 Putty, Fedoraproject, Netapp and 2 more 5 Putty, Fedora, Oncommand Unified Manager and 2 more 2019-04-26 7.5
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
CVE-2019-9895 1 Putty 1 Putty 2019-03-21 7.5
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
CVE-2019-9896 1 Putty 1 Putty 2019-03-21 4.6
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
CVE-2015-2157 6 Debian, Simon Tatham, Fedoraproject and 3 more 6 Debian Linux, Putty, Fedora and 3 more 2019-03-21 2.1
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
CVE-2013-4208 2 Simon Tatham, Putty 2 Putty, Putty 2019-03-21 2.1
The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.
CVE-2013-4207 2 Simon Tatham, Putty 2 Putty, Putty 2019-03-21 4.3
Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a...
CVE-2013-4206 2 Simon Tatham, Putty 2 Putty, Putty 2019-03-21 6.8
Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not...
CVE-2011-4607 2 Simon Tatham, Putty 2 Putty, Putty 2019-03-21 2.1
PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.
CVE-2013-4852 6 Debian, Simon Tatham, Novell and 3 more 6 Debian Linux, Winscp, Putty and 3 more 2019-03-21 6.8
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a...
CVE-2017-6542 3 Putty, Opensuse Project, Opensuse 3 Leap, Putty, Leap 2018-10-30 7.5
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the...
CVE-2002-1360 7 Putty, Cisco, Intersoft and 4 more 7 Shellguard Ssh, Ios, Securenetterm and 4 more 2017-10-11 10.0
Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary...
CVE-2002-1359 7 Putty, Cisco, Intersoft and 4 more 7 Shellguard Ssh, Ios, Securenetterm and 4 more 2017-10-11 10.0
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder...
CVE-2002-1358 7 Putty, Cisco, Intersoft and 4 more 7 Shellguard Ssh, Ios, Securenetterm and 4 more 2017-10-11 10.0
Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2002-1357 7 Putty, Cisco, Intersoft and 4 more 7 Shellguard Ssh, Ios, Securenetterm and 4 more 2017-10-11 10.0
Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder...
CVE-2005-0467 1 Putty 1 Putty 2017-07-11 7.5
Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses...