Vulnerabilities > Putty

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2021-36367 Insufficient Verification of Data Authenticity vulnerability in Putty
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response.
network
putty CWE-345
5.8
2021-05-21 CVE-2021-33500 Unspecified vulnerability in Putty
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.
network
low complexity
putty
5.0
2020-06-29 CVE-2020-14002 Information Exposure Through Discrepancy vulnerability in multiple products
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation.
4.3
2019-10-01 CVE-2019-17069 Use After Free vulnerability in multiple products
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
network
low complexity
putty opensuse netapp CWE-416
5.0
2019-10-01 CVE-2019-17068 Injection vulnerability in multiple products
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.
network
low complexity
putty opensuse CWE-74
5.0
2019-10-01 CVE-2019-17067 Allocation of Resources Without Limits or Throttling vulnerability in Putty
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.
network
low complexity
putty CWE-770
7.5
2019-03-21 CVE-2019-9898 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
network
low complexity
putty fedoraproject debian opensuse netapp CWE-327
7.5
2019-03-21 CVE-2019-9897 Improper Input Validation vulnerability in multiple products
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
network
low complexity
putty fedoraproject debian netapp opensuse CWE-20
5.0
2019-03-21 CVE-2019-9896 Uncontrolled Search Path Element vulnerability in multiple products
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
local
low complexity
putty opensuse CWE-427
4.6
2019-03-21 CVE-2019-9895 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
network
low complexity
putty opengroup fedoraproject CWE-119
7.5