Shodan
Vulnerabilities
Vulnerable Software
Putty:  >> Putty  Security Vulnerabilities
CVE-2019-17068
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.
CVSS Score
7.5
EPSS Score
0.018
Published
2019-10-01
CVE-2019-17069
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
CVSS Score
7.5
EPSS Score
0.022
Published
2019-10-01
CVE-2019-9894
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
CVSS Score
7.5
EPSS Score
0.024
Published
2019-03-21
CVE-2019-9895
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
CVSS Score
9.8
EPSS Score
0.026
Published
2019-03-21
CVE-2019-9896
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
CVSS Score
7.8
EPSS Score
0.008
Published
2019-03-21
CVE-2019-9897
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
CVSS Score
7.5
EPSS Score
0.03
Published
2019-03-21
CVE-2019-9898
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
CVSS Score
9.8
EPSS Score
0.039
Published
2019-03-21
CVE-2017-6542
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.
CVSS Score
9.8
EPSS Score
0.218
Published
2017-03-27
CVE-2016-6167
Multiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) UxTheme.dll or (2) ntmarta.dll file in the current working directory.
CVSS Score
7.8
EPSS Score
0.008
Published
2017-01-30
CVE-2015-2157
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
CVSS Score
2.1
EPSS Score
0.006
Published
2015-03-27


Products
Pricing
Contact Us

Shodan ® - All rights reserved