CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 0CVE-2004-1440
https://notcve.org/view.php?id=CVE-2004-1440
31 Dec 2004 — Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication. • http://marc.info/?l=bugtraq&m=109167869528138&w=2 •
CVSS: 10.0EPSS: 21%CPEs: 10EXPL: 0CVE-2004-1008
https://notcve.org/view.php?id=CVE-2004-1008
01 Dec 2004 — Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow. Error de falta de signo en enteros en la función ssh2_rdpkt en PuTTY anteriores a 0.56 permite a atacantes remotos ejecutar código de su elección mediante un paquete SSH2_MSG_DEBUG con un parámetro stringlen modificado, lo que conduce a un desbordamiento de búfer. • http://marc.info/?l=bugtraq&m=109889312917613&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2003-0048
https://notcve.org/view.php?id=CVE-2003-0048
01 Feb 2003 — PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. PuTTy 0.53b y anteriores no borran los credenciales de inicio de sesión de memoria, incluyendo contraseñas en texto plano, lo que podría permitir a atacantes con acceso a memoria robar los credenciales SSH. • http://marc.info/?l=bugtraq&m=104386492422014&w=2 •
CVSS: 10.0EPSS: 16%CPEs: 16EXPL: 0CVE-2002-1357
https://notcve.org/view.php?id=CVE-2002-1357
17 Dec 2002 — Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 16EXPL: 0CVE-2002-1358
https://notcve.org/view.php?id=CVE-2002-1358
17 Dec 2002 — Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 80%CPEs: 16EXPL: 2CVE-2002-1359 – PuTTy.exe 0.53 - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1359
17 Dec 2002 — Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite. • https://www.exploit-db.com/exploits/16463 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 4%CPEs: 16EXPL: 0CVE-2002-1360
https://notcve.org/view.php?id=CVE-2002-1360
17 Dec 2002 — Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html • CWE-20: Improper Input Validation •