Known Vulnerabilities for products from Putty
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Putty".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-48795 json | 5.9 - MEDIUM | 2023-12-18 | 2024-03-13 | |
| CVE-2021-36367 json | PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response.... | 8.1 - HIGH | 2021-07-09 | 2023-12-24 |
| CVE-2021-33500 json | PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY windo... | 7.5 - HIGH | 2021-05-21 | 2021-05-27 |
| CVE-2020-14002 json | PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allow... | 5.9 - MEDIUM | 2020-06-29 | 2023-11-07 |
| CVE-2019-17069 json | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SS... | 7.5 - HIGH | 2019-10-01 | 2022-03-31 |
| CVE-2019-17068 json | PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by mal... | 7.5 - HIGH | 2019-10-01 | 2019-11-27 |
| CVE-2019-17067 json | PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same... | 9.8 - CRITICAL | 2019-10-01 | 2019-11-27 |
| CVE-2019-9898 json | Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | 9.8 - CRITICAL | 2019-03-21 | 2023-11-07 |
| CVE-2019-9897 json | Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | 7.5 - HIGH | 2019-03-21 | 2023-11-07 |
| CVE-2019-9896 json | In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in th... | 7.8 - HIGH | 2019-03-21 | 2022-04-05 |
| CVE-2019-9895 json | In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwardi... | 9.8 - CRITICAL | 2019-03-21 | 2023-11-07 |
| CVE-2019-9894 json | A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. | 7.5 - HIGH | 2019-03-21 | 2023-11-07 |
| CVE-2017-6542 json | The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large lengt... | 9.8 - CRITICAL | 2017-03-27 | 2023-11-07 |
| CVE-2016-6167 json | Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL... | 7.8 - HIGH | 2017-01-30 | 2022-05-01 |
| CVE-2015-2157 json | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private k... | 2.1 - LOW | 2015-03-27 | 2019-03-21 |
| CVE-2013-4852 json | Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers ... | 6.8 - MEDIUM | 2013-08-19 | 2021-08-06 |
| CVE-2013-4208 json | The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free cert... | 2.1 - LOW | 2013-08-19 | 2019-03-21 |
| CVE-2013-4207 json | Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid... | 4.3 - MEDIUM | 2013-08-19 | 2021-08-06 |
| CVE-2013-4206 json | Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denia... | 6.8 - MEDIUM | 2013-08-19 | 2021-08-06 |
| CVE-2011-4607 json | PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interac... | 2.1 - LOW | 2013-08-23 | 2019-03-21 |
Known software with vulnerabilities from Putty
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Putty | Putty | - |