PuTTY

PuTTY

32 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2019-9896

  • EPSS 2.28%
  • Published 21.03.2019 16:01:17
  • Last modified 21.11.2024 04:52:31

In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.

9.8

CVE-2019-9895

  • EPSS 1.06%
  • Published 21.03.2019 16:01:17
  • Last modified 21.11.2024 04:52:31

In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.

7.5

CVE-2019-9894

  • EPSS 0.94%
  • Published 21.03.2019 16:01:17
  • Last modified 21.11.2024 04:52:31

A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.

9.8

CVE-2017-6542

  • EPSS 25.85%
  • Published 27.03.2017 17:59:00
  • Last modified 20.04.2025 01:37:25

The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forward...

7.8

CVE-2016-6167

Exploit
  • EPSS 0.12%
  • Published 30.01.2017 22:59:00
  • Last modified 20.04.2025 01:37:25

Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.

2.1

CVE-2015-2157

  • EPSS 0.27%
  • Published 27.03.2015 14:59:05
  • Last modified 12.04.2025 10:46:40

The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.

2.1

CVE-2011-4607

  • EPSS 0.06%
  • Published 23.08.2013 16:55:06
  • Last modified 11.04.2025 00:51:21

PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.

6.8

CVE-2013-4852

  • EPSS 1.75%
  • Published 19.08.2013 23:55:09
  • Last modified 11.04.2025 00:51:21

Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negativ...

2.1

CVE-2013-4208

  • EPSS 0.06%
  • Published 19.08.2013 23:55:08
  • Last modified 11.04.2025 00:51:21

The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys.

4.3

CVE-2013-4207

  • EPSS 0.58%
  • Published 19.08.2013 23:55:08
  • Last modified 11.04.2025 00:51:21

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a divisi...