Filtered by vendor Putty
Subscribe
Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36367 | 1 Putty | 1 Putty | 2023-12-24 | 5.8 MEDIUM | 8.1 HIGH |
| PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user). | |||||
| CVE-2016-6167 | 1 Putty | 1 Putty | 2022-05-01 | 4.4 MEDIUM | 7.8 HIGH |
| Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory. | |||||
| CVE-2019-9897 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | |||||
| CVE-2019-9896 | 2 Microsoft, Putty | 2 Windows, Putty | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | |||||
| CVE-2019-17069 | 2 Opensuse, Putty | 2 Leap, Putty | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | |||||
| CVE-2021-33500 | 2 Microsoft, Putty | 2 Windows, Putty | 2021-05-27 | 5.0 MEDIUM | 7.5 HIGH |
| PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same attack methodology may affect some OS-level GUIs on Linux or other platforms for similar reasons. | |||||
| CVE-2019-17068 | 2 Opensuse, Putty | 2 Leap, Putty | 2019-11-27 | 5.0 MEDIUM | 7.5 HIGH |
| PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. | |||||
| CVE-2019-9894 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2019-04-26 | 6.4 MEDIUM | 7.5 HIGH |
| A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | |||||