rpm package
suse/putty&distro=SUSE Package Hub 15
pkg:rpm/suse/putty&distro=SUSE%20Package%20Hub%2015
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-17068 | — | < 0.73-bp151.4.6.1 | 0.73-bp151.4.6.1 | Oct 1, 2019 | PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content. | ||
| CVE-2019-17069 | — | < 0.73-bp151.4.6.1 | 0.73-bp151.4.6.1 | Oct 1, 2019 | PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | ||
| CVE-2019-9898 | — | < 0.71-bp150.4.3.1 | 0.71-bp150.4.3.1 | Mar 21, 2019 | Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | ||
| CVE-2019-9897 | — | < 0.71-bp150.4.3.1 | 0.71-bp150.4.3.1 | Mar 21, 2019 | Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71. | ||
| CVE-2019-9896 | — | < 0.71-bp150.4.3.1 | 0.71-bp150.4.3.1 | Mar 21, 2019 | In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. | ||
| CVE-2019-9895 | — | < 0.71-bp150.4.3.1 | 0.71-bp150.4.3.1 | Mar 21, 2019 | In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding. | ||
| CVE-2019-9894 | — | < 0.71-bp150.4.3.1 | 0.71-bp150.4.3.1 | Mar 21, 2019 | A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification. |
- CVE-2019-17068Oct 1, 2019affected < 0.73-bp151.4.6.1fixed 0.73-bp151.4.6.1
PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.
- CVE-2019-17069Oct 1, 2019affected < 0.73-bp151.4.6.1fixed 0.73-bp151.4.6.1
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
- CVE-2019-9898Mar 21, 2019affected < 0.71-bp150.4.3.1fixed 0.71-bp150.4.3.1
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
- CVE-2019-9897Mar 21, 2019affected < 0.71-bp150.4.3.1fixed 0.71-bp150.4.3.1
Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
- CVE-2019-9896Mar 21, 2019affected < 0.71-bp150.4.3.1fixed 0.71-bp150.4.3.1
In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable.
- CVE-2019-9895Mar 21, 2019affected < 0.71-bp150.4.3.1fixed 0.71-bp150.4.3.1
In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
- CVE-2019-9894Mar 21, 2019affected < 0.71-bp150.4.3.1fixed 0.71-bp150.4.3.1
A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.