CVE-2026-48852
- EPSS 0.27%
- Veröffentlicht 25.05.2026 20:19:20
- Zuletzt bearbeitet 27.05.2026 19:11:47
PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.
CVE-2026-48851
- EPSS 0.22%
- Veröffentlicht 25.05.2026 20:16:31
- Zuletzt bearbeitet 27.05.2026 19:12:40
PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session.
CVE-2026-48850
- EPSS 0.32%
- Veröffentlicht 25.05.2026 20:13:58
- Zuletzt bearbeitet 27.05.2026 19:14:46
PuTTY 0.72 before 0.84 has a double free in RSA KEX.
CVE-2026-4115
- EPSS 0.53%
- Veröffentlicht 22.03.2026 12:15:07
- Zuletzt bearbeitet 30.04.2026 18:33:16
A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verification of cryptographic signature. The attack may be...
CVE-2024-31497
- EPSS 5.77%
- Veröffentlicht 15.04.2024 20:15:11
- Zuletzt bearbeitet 04.11.2025 22:16:00
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is abl...
CVE-2023-48795
- EPSS 93.31%
- Veröffentlicht 18.12.2023 16:15:10
- Zuletzt bearbeitet 12.05.2026 11:16:15
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...
CVE-2021-36367
- EPSS 1.11%
- Veröffentlicht 09.07.2021 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:13:36
PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attack...
CVE-2021-33500
- EPSS 1.97%
- Veröffentlicht 21.05.2021 20:15:07
- Zuletzt bearbeitet 21.11.2024 06:08:57
PuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) by telling the PuTTY window to change its title repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. NOTE: the same ...
CVE-2020-14002
- EPSS 3.15%
- Veröffentlicht 29.06.2020 18:15:11
- Zuletzt bearbeitet 21.11.2024 05:02:19
PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the ...
CVE-2019-17069
- EPSS 2.25%
- Veröffentlicht 01.10.2019 17:15:10
- Zuletzt bearbeitet 21.11.2024 04:31:38
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.