Vulnerabilities > Putty
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-09 | CVE-2021-36367 | Insufficient Verification of Data Authenticity vulnerability in Putty PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. | 5.8 |
| 2021-05-21 | CVE-2021-33500 | Unspecified vulnerability in Putty PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. | 5.0 |
| 2020-06-29 | CVE-2020-14002 | Information Exposure Through Discrepancy vulnerability in multiple products PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. | 4.3 |
| 2019-10-01 | CVE-2019-17069 | Use After Free vulnerability in multiple products PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | 5.0 |
| 2019-10-01 | CVE-2019-17068 | Injection vulnerability in multiple products PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. | 5.0 |
| 2019-10-01 | CVE-2019-17067 | Allocation of Resources Without Limits or Throttling vulnerability in Putty PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. | 7.5 |
| 2019-03-21 | CVE-2019-9898 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | 7.5 |
| 2019-03-21 | CVE-2019-9897 | Improper Input Validation vulnerability in multiple products Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | 5.0 |
| 2019-03-21 | CVE-2019-9896 | Uncontrolled Search Path Element vulnerability in multiple products In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | 4.6 |
| 2019-03-21 | CVE-2019-9895 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | 7.5 |