CVSS: 7.8EPSS: 3%CPEs: 4EXPL: 1CVE-2019-9896
https://notcve.org/view.php?id=CVE-2019-9896
21 Mar 2019 — In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. En PuTTY, en versiones anteriores a la 0.71 en Windows, los atacantes locales podrían secuestrar la aplicación colocando un archivo de ayuda malicioso en el mismo directorio que el ejecutable. • https://github.com/yasinyilmaz/vuln-chm-hijack • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2019-9895 – Debian Security Advisory 4423-1
https://notcve.org/view.php?id=CVE-2019-9895
21 Mar 2019 — In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. En PuTTY, en versiones anteriores a la 0.71 en Unix, existe un desbordamiento de búfer desencadenable remotamente en cualquier tipo de redirección servidor-a-cliente. Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers could potentially b... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-9894 – Debian Security Advisory 4423-1
https://notcve.org/view.php?id=CVE-2019-9894
21 Mar 2019 — A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. Puede ocurrir una sobrescritura de memoria desencadenable remotamente en el intercambio de claves RSA en PuTTY, en versiones anteriores a la 0.71, antes de la verificación de claves del host. Multiple vulnerabilities were found in the PuTTY SSH client, which could result in denial of service and potentially the execution of arbitrary code. In addition, in some situations random numbers co... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00004.html • CWE-320: Key Management Errors •
CVSS: 9.8EPSS: 25%CPEs: 3EXPL: 2CVE-2017-6542 – PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption
https://notcve.org/view.php?id=CVE-2017-6542
20 Mar 2017 — The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow. La función ssh_agent_channel_data en PuTTY en versiones anteriores a 0.68 permite a atacantes remotos tener un impacto no especificado a través de un valor de longitud grande en un mensaje de protocolo de age... • https://packetstorm.news/files/id/142870 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-6167 – Putty Beta 0.67 DLL Hijacking
https://notcve.org/view.php?id=CVE-2016-6167
01 Jul 2016 — Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory. Varias vulnerabilidades de rutas de búsqueda no confiables en Putty beta 0.67 permiten a los usuarios locales ejecutar código arbitrario y realizar ataques de secuestro de DLL mediante un archivo troyano (1) UxTheme.dll o (2) ntmarta.dll en el directorio de trabajo actual. P... • https://packetstorm.news/files/id/137742 • CWE-426: Untrusted Search Path •
CVSS: 9.8EPSS: 13%CPEs: 2EXPL: 2CVE-2016-2563 – Putty pscp 0.66 - Stack Buffer Overwrite
https://notcve.org/view.php?id=CVE-2016-2563
11 Mar 2016 — Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request. Desbordamiento de buffer basado en pila en la utilidad comando-línea de SCP en PuTTY en versiones anteriores a 0.67 y KiTTY 0.66.6.3 y versiones anteriores permite a servidores remotos causar una denegación de servicio (corrupc... • https://packetstorm.news/files/id/136166 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2015-5309 – Gentoo Linux Security Advisory 201606-01
https://notcve.org/view.php?id=CVE-2015-5309
02 Dec 2015 — Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow. Desbordamiento de entero en el emulador de terminal en PuTTY en versiones anteriores a 0.66 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario a través d... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2015-2157 – Debian Security Advisory 3190-1
https://notcve.org/view.php?id=CVE-2015-2157
16 Mar 2015 — The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. Las funciones (1) ssh2_load_userkey y (2) ssh2_save_userkey en PuTTY 0.51 hasta 0.63 no limpian correctamente las claves privadas SSH-2 de la memoria, lo que permite a usuarios remotos obtener información sensible mediante la lectura de la memoria. Patrick Coleman discovered that the Putty... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4607 – Gentoo Linux Security Advisory 201308-01
https://notcve.org/view.php?id=CVE-2011-4607
21 Aug 2013 — PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory. PuTTY v0.59 hasta v0.61 no borra la memoria de procesos sensibles en la gestión de las respuestas del usuario que se producen durante la autenticación interactiva por teclado, lo que podría permitir a usuarios locales leer las contraseñas de inicio de sesión mediante ... • http://seclists.org/oss-sec/2011/q4/499 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 0CVE-2013-4206 – Gentoo Linux Security Advisory 201309-08
https://notcve.org/view.php?id=CVE-2013-4206
12 Aug 2013 — Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication. Desbordamiento de búfer basado en memoria dinámica en la función modmul en sshbn.c en PuTTY 0.62 y anteriores, permite a servidores SSH remotos provocar una denegación de ... • http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •