PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
Max CVSS: 7.5 | EPSS Score: 0.25% | Published: 2019-10-01 | Updated: 2022-03-31
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.
Max CVSS: 7.5 | EPSS Score: 0.15% | Published: 2019-10-01 | Updated: 2019-11-27
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection.
Max CVSS: 9.8 | EPSS Score: 0.24% | Published: 2019-10-01 | Updated: 2019-11-27
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
Max CVSS: 9.8 | EPSS Score: 2.24% | Published: 2019-03-21 | Updated: 2021-07-21
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
Max CVSS: 7.5 | EPSS Score: 0.99% | Published: 2019-03-21 | Updated: 2021-07-21
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2019-03-21 | Updated: 2022-04-05
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
Max CVSS: 9.8 | EPSS Score: 1.63% | Published: 2019-03-21 | Updated: 2019-04-05
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
Max CVSS: 7.5 | EPSS Score: 3.50% | Published: 2019-03-21 | Updated: 2019-04-26
8 vulnerabilities found