Vulnerabilities > Putty > High

DATE CVE VULNERABILITY TITLE RISK
2021-07-09 CVE-2021-36367 Insufficient Verification of Data Authenticity vulnerability in Putty
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response.
network
low complexity
putty CWE-345
8.1
2019-10-01 CVE-2019-17069 Use After Free vulnerability in multiple products
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
network
low complexity
putty opensuse netapp CWE-416
7.5
2019-10-01 CVE-2019-17067 Allocation of Resources Without Limits or Throttling vulnerability in Putty
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.
network
low complexity
putty CWE-770
7.5
2019-03-21 CVE-2019-9897 Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
network
low complexity
putty fedoraproject debian netapp opensuse
7.5
2019-03-21 CVE-2019-9894 Key Management Errors vulnerability in multiple products
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
network
low complexity
putty fedoraproject debian netapp opensuse CWE-320
7.5
2005-02-21 CVE-2005-0467 Remote Security vulnerability in PUTTY
Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.
network
low complexity
putty
7.5
2004-12-31 CVE-2004-1440 Unspecified vulnerability in Putty
Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.
network
low complexity
putty
7.5
2003-03-18 CVE-2003-0069 Remote Security vulnerability in Putty 0.53
The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g.
network
low complexity
putty
7.5