Product:

Putty

(Putty)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 26
Date ID Summary Products Score Patch
2019-10-01 CVE-2019-17069 PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. Leap, Putty N/A
2019-10-01 CVE-2019-17068 PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. Leap, Putty N/A
2019-10-01 CVE-2019-17067 PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. Putty N/A
2019-03-21 CVE-2019-9898 Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. Debian_linux, Fedora, Oncommand_unified_manager, Leap, Putty 9.8
2019-03-21 CVE-2019-9897 Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. Debian_linux, Fedora, Oncommand_unified_manager, Leap, Putty 7.5
2019-03-21 CVE-2019-9894 A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. Debian_linux, Fedora, Oncommand_unified_manager, Leap, Putty 7.5
2019-03-21 CVE-2019-9896 In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. Putty 7.8
2019-03-21 CVE-2019-9895 In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. Fedora, Putty 9.8
2017-03-27 CVE-2017-6542 The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow. Leap, Leap, Putty 9.8
2015-03-27 CVE-2015-2157 The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. Debian_linux, Fedora, Opensuse, Putty, Putty N/A