PuTTY

PuTTY

32 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2019-9896

  • EPSS 2.28%
  • Veröffentlicht 21.03.2019 16:01:17
  • Zuletzt bearbeitet 21.11.2024 04:52:31

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.

9.8

CVE-2019-9895

  • EPSS 1.06%
  • Veröffentlicht 21.03.2019 16:01:17
  • Zuletzt bearbeitet 21.11.2024 04:52:31

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

7.5

CVE-2019-9894

  • EPSS 0.94%
  • Veröffentlicht 21.03.2019 16:01:17
  • Zuletzt bearbeitet 21.11.2024 04:52:31

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

9.8

CVE-2017-6542

  • EPSS 25.85%
  • Veröffentlicht 27.03.2017 17:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forward...

7.8

CVE-2016-6167

Exploit
  • EPSS 0.12%
  • Veröffentlicht 30.01.2017 22:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.

2.1

CVE-2015-2157

  • EPSS 0.27%
  • Veröffentlicht 27.03.2015 14:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

2.1

CVE-2011-4607

  • EPSS 0.06%
  • Veröffentlicht 23.08.2013 16:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.

6.8

CVE-2013-4852

  • EPSS 1.75%
  • Veröffentlicht 19.08.2013 23:55:09
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negativ...

2.1

CVE-2013-4208

  • EPSS 0.06%
  • Veröffentlicht 19.08.2013 23:55:08
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.

4.3

CVE-2013-4207

  • EPSS 0.58%
  • Veröffentlicht 19.08.2013 23:55:08
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a divisi...