Vulnerabilities > Putty > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-09 | CVE-2021-36367 | Insufficient Verification of Data Authenticity vulnerability in Putty. PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. | 8.1 |
2019-10-01 | CVE-2019-17069 | Use After Free vulnerability in multiple products. PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | 7.5 |
2019-10-01 | CVE-2019-17067 | Allocation of Resources Without Limits or Throttling vulnerability in Putty. PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. | 7.5 |
2019-03-21 | CVE-2019-9897 | Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | 7.5 |
2019-03-21 | CVE-2019-9894 | Key Management Errors vulnerability in multiple products. A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | 7.5 |
2005-02-21 | CVE-2005-0467 | Remote Security vulnerability in PUTTY. Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated. | 7.5 |
2004-12-31 | CVE-2004-1440 | Unspecified vulnerability in Putty. Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication. | 7.5 |
2003-03-18 | CVE-2003-0069 | Remote Security vulnerability in Putty 0.53. The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. | 7.5 |