CVSS: 9.8EPSS: 13%CPEs: 2EXPL: 2CVE-2016-2563 – Putty pscp 0.66 - Stack Buffer Overwrite
https://notcve.org/view.php?id=CVE-2016-2563
11 Mar 2016 — Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request. Desbordamiento de buffer basado en pila en la utilidad comando-línea de SCP en PuTTY en versiones anteriores a 0.67 y KiTTY 0.66.6.3 y versiones anteriores permite a servidores remotos causar una denegación de servicio (corrupc... • https://packetstorm.news/files/id/136166 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2015-5309 – Gentoo Linux Security Advisory 201606-01
https://notcve.org/view.php?id=CVE-2015-5309
02 Dec 2015 — Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow. Desbordamiento de entero en el emulador de terminal en PuTTY en versiones anteriores a 0.66 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código arbitrario a través d... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2015-2157 – Debian Security Advisory 3190-1
https://notcve.org/view.php?id=CVE-2015-2157
16 Mar 2015 — The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory. Las funciones (1) ssh2_load_userkey y (2) ssh2_save_userkey en PuTTY 0.51 hasta 0.63 no limpian correctamente las claves privadas SSH-2 de la memoria, lo que permite a usuarios remotos obtener información sensible mediante la lectura de la memoria. Patrick Coleman discovered that the Putty... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151790.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 0CVE-2013-4206 – Gentoo Linux Security Advisory 201309-08
https://notcve.org/view.php?id=CVE-2013-4206
12 Aug 2013 — Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing certain bit-shifting operations during modular multiplication. Desbordamiento de búfer basado en memoria dinámica en la función modmul en sshbn.c en PuTTY 0.62 y anteriores, permite a servidores SSH remotos provocar una denegación de ... • http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2013-4207 – Gentoo Linux Security Advisory 201309-08
https://notcve.org/view.php?id=CVE-2013-4207
12 Aug 2013 — Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a different vulnerability than CVE-2013-4206. Desbordamiento de búfer en PuTTY 0.62 y anteriores, permite a servidores SSH remotos provocar una denegación de servicio (caída) a través de una firma DSA no válida que no es m... • http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 19EXPL: 0CVE-2013-4208 – Gentoo Linux Security Advisory 201309-08
https://notcve.org/view.php?id=CVE-2013-4208
12 Aug 2013 — The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys. La función rsa_verify en PuTTY anterior a 0.63 (1) no limpia de memoria los procesos sensibles después de usarlos y (2)no libera determinadas estructuras que contienen procesos sensibles, lo que podría permitir a usuarios locales descubrir claves privadas RSA y DSA. ... • http://lists.opensuse.org/opensuse-updates/2013-08/msg00035.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 57EXPL: 0CVE-2013-4852 – PuTTY 0.62 Heap Overflow
https://notcve.org/view.php?id=CVE-2013-4852
06 Aug 2013 — Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key signature during the SSH handshake, which triggers a heap-based buffer overflow. Desbordamiento de entero en PuTTY 0.62 y anteriores, WinSCP anterior a 5.1.6, y otros productos que usan PuTTY, permite a servidores SSH remotos provocar ... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718779 • CWE-189: Numeric Errors •