pkg:Debian/putty

39 total CVEs: CRITICAL 4, HIGH 8, MEDIUM 6, LOW 2

All known vulnerabilities

  • CRITICAL 9.8 CVE-2019-9898: Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
    from 0, < 0.70-6
  • CRITICAL 9.8 CVE-2019-9895: In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
    from 0, < 0.70-6
  • CRITICAL 9.8 CVE-2017-6542: The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an…
    from 0, < 0.67-3
  • CRITICAL 9.8 CVE-2016-2563: Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to ca…
    from 0, < 0.67-1
  • HIGH 8.1 CVE-2021-36367: PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response.
    from 0, < 0.74-1+deb11u1
  • HIGH 7.5 CVE-2019-17069: putty - security update
    from 0, < 0.73-1
  • HIGH 7.5 CVE-2019-17069: putty - security update
    from 0, < 0.74-1+deb11u1~deb10u1
  • HIGH 7.5 CVE-2019-17068: PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboa…
    from 0, < 0.73-1
  • HIGH 7.5 CVE-2019-9897: Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
    from 0, < 0.70-6
  • HIGH 7.5 CVE-2019-9894: putty - security update
    from 0, < 0.70-6
  • HIGH 7.5 CVE-2019-9894: putty - security update
    from 0, < 0.67-3+deb9u1
  • HIGH 7.5 CVE-2019-9894: putty - security update
    from 0, < 0.63-10+deb8u2
  • MEDIUM 5.9 CVE-2026-48850: PuTTY 0.72 before 0.84 has a double free in RSA KEX.
    from 0
  • MEDIUM 5.9 CVE-2024-31497: putty - security update
    from 0, < 0.74-1+deb11u2
  • MEDIUM 5.9 CVE-2024-31497: putty - security update
    from 0, < 0.74-1+deb11u1~deb10u2
  • MEDIUM 5.9 CVE-2023-48795: Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
    from 0, < 0.74-1+deb11u1
  • MEDIUM 5.9 CVE-2023-48795: Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
    from 0, < 0.74-1+deb11u1
  • MEDIUM 5.9 CVE-2020-14002: PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation.
    from 0, < 0.74-1
  • LOW 3.7 CVE-2026-48852: PuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.
    from 0
  • LOW 3.1 CVE-2026-48851: PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between prox…
    from 0
  • CVE-2026-4115: A vulnerability was detected in PuTTY 0.83.
    from 0
  • CVE-2015-5309: putty - security update
    from 0, < 0.66-1
  • CVE-2015-5309: putty - security update
    from 0, < 0.60+2010-02-20-1+squeeze4
  • CVE-2015-5309: putty - security update
    from 0, < 0.62-9+deb7u3
  • CVE-2015-2157: putty - security update
    from 0, < 0.63-10
  • CVE-2015-2157: putty - security update
    from 0, < 0.62-9+deb7u2
  • CVE-2015-2157: putty - security update
    from 0, < 0.60+2010-02-20-1+squeeze3
  • CVE-2011-4607: PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentic…
    from 0, < 0.62-1
  • CVE-2013-4852: Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a den…
    from 0, < 0.63-1
  • CVE-2013-4208: The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures…
    from 0, < 0.63-1
  • CVE-2013-4207: Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature…
    from 0, < 0.63-1
  • CVE-2013-4206: putty - several
    from 0, < 0.63-1
  • CVE-2013-4206: putty - several
    from 0, < 0.60+2010-02-20-1+squeeze2
  • CVE-2006-7162: PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs crea…
    from 0, < 0.59-1
  • CVE-2005-0467: Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, a…
    from 0, < 0.57-1
  • CVE-2004-1008: Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_D…
    from 0, < 0.56-1
  • CVE-2004-1440: Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via a…
    from 0, < 0.56-1
  • CVE-2003-0069: The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it bac…
    from 0, < 0.54-1
  • CVE-2003-0048: PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with acces…
    from 0, < 0.53-b-2003-01-04-1