Vulnerabilities > Putty > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-03-27 | CVE-2015-2157 | Information Exposure vulnerability in multiple products The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. | 2.1 |
2013-08-23 | CVE-2011-4607 | Buffer Errors vulnerability in Putty 0.59/0.60/0.61 PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory. | 2.1 |
2013-08-19 | CVE-2013-4208 | Information Exposure vulnerability in multiple products The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys. | 2.1 |
2007-03-07 | CVE-2006-7162 | Information Disclosure vulnerability in PUTTY PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files. local putty | 1.9 |