CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17067
https://notcve.org/view.php?id=CVE-2019-17067
PuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attackers to listen on the same port to steal an incoming connection. PuTTY versiones anteriores a 0.73 en Windows abre inapropiadamente los sockets de escucha de reenvío de puertos, lo que permite a los atacantes escuchar sobre el mismo puerto para robar una conexión entrante. • https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html https://security.netapp.com/advisory/ntap-20191127-0003 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-17068
https://notcve.org/view.php?id=CVE-2019-17068
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. PuTTY versiones anteriores a 0.73, maneja inapropiadamente el mecanismo de protección "bracketed paste mode", que puede permitir que una sesión esté afectada por el contenido malicioso del portapapeles. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00030.html https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html https://security.netapp.com/advisory/ntap-20191127-0003 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-17069
https://notcve.org/view.php?id=CVE-2019-17069
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. PuTTY versiones anteriores a 0.73, podría permitir que los servidores remotos SSH-1 causen una denegación de servicio mediante el acceso a ubicaciones de memoria liberadas por medio de un mensaje SSH1_MSG_DISCONNECT. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00030.html https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html https://security.netapp.com/advisory/ntap-20191127-0003 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2019-9898
https://notcve.org/view.php?id=CVE-2019-9898
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. Existe el reciclado potencial de números aleatorios empleados en criptografía en PuTTY, en versiones anteriores a la 0.71. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html http://www.securityfocus.com/bid/107523 https://lists.debian.org/debian-lts-announce/2019/04/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDO3F267P347E6U2IILFCYW7JPTLCCES https://seclists.org&#x • CWE-330: Use of Insufficiently Random Values •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2019-9897
https://notcve.org/view.php?id=CVE-2019-9897
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. Existen múltiples ataques de denegación de servicio (DoS) que pueden desencadenarse escribiendo en la terminal en PuTTY, en versiones anteriores a la 0.71. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00020.html https://lists.debian.org/debian-lts-announce/2019/04/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36LWQ3NPFIV7DC7TC4KFPRYRH2OR7SZ2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LDO3F267P347E6U2IILFCYW7JPTLCCES https://seclists.org/bugtraq/2019/Apr/6 https://security. •