Filtered by vendor Putty
Subscriptions
Filtered by product Putty
Subscriptions
Total
32 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1357 | 7 Cisco, Fissh, Intersoft and 4 more | 7 Ios, Ssh Client, Securenetterm and 4 more | 2025-04-03 | N/A |
| Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. | ||||
| CVE-2021-36367 | 1 Putty | 1 Putty | 2024-11-21 | 8.1 High |
| PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user). | ||||
| CVE-2021-33500 | 2 Microsoft, Putty | 2 Windows, Putty | 2024-11-21 | 7.5 High |
| PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons. | ||||
| CVE-2020-14002 | 3 Fedoraproject, Netapp, Putty | 3 Fedora, Oncommand Unified Manager Core Package, Putty | 2024-11-21 | 5.9 Medium |
| PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client). | ||||
| CVE-2019-9898 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2024-11-21 | N/A |
| Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | ||||
| CVE-2019-9897 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2024-11-21 | N/A |
| Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | ||||
| CVE-2019-9896 | 3 Microsoft, Opensuse, Putty | 4 Windows, Backports Sle, Leap and 1 more | 2024-11-21 | 7.8 High |
| In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | ||||
| CVE-2019-9895 | 3 Fedoraproject, Opengroup, Putty | 3 Fedora, Unix, Putty | 2024-11-21 | N/A |
| In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | ||||
| CVE-2019-9894 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2024-11-21 | N/A |
| A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | ||||
| CVE-2019-17069 | 3 Netapp, Opensuse, Putty | 3 Oncommand Unified Manager Core Package, Leap, Putty | 2024-11-21 | 7.5 High |
| PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | ||||
| CVE-2019-17068 | 2 Opensuse, Putty | 2 Leap, Putty | 2024-11-21 | 7.5 High |
| PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. | ||||
| CVE-2019-17067 | 2 Microsoft, Putty | 2 Windows, Putty | 2024-11-21 | 9.8 Critical |
| PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. | ||||