Vulnerabilities > Putty > High

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2021-36367 Insufficient Verification of Data Authenticity vulnerability in Putty
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response.
network
low complexity
putty CWE-345
8.1
2021-05-21 CVE-2021-33500 Unspecified vulnerability in Putty
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls.
network
low complexity
putty
7.5
2019-10-01 CVE-2019-17069 Use After Free vulnerability in multiple products
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
network
low complexity
putty opensuse netapp CWE-416
7.5
2019-10-01 CVE-2019-17068 Injection vulnerability in multiple products
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.
network
low complexity
putty opensuse CWE-74
7.5
2019-03-21 CVE-2019-9897 Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
network
low complexity
putty fedoraproject debian netapp opensuse
7.5
2019-03-21 CVE-2019-9896 Uncontrolled Search Path Element vulnerability in multiple products
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
local
low complexity
putty opensuse CWE-427
7.8
2019-03-21 CVE-2019-9894 Key Management Errors vulnerability in multiple products
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
network
low complexity
putty fedoraproject debian netapp opensuse CWE-320
7.5
2017-01-30 CVE-2016-6167 Untrusted Search Path vulnerability in Putty 0.67
Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.
local
low complexity
putty CWE-426
7.8