Download
| Alert*
oval:org.mitre.oval:def:12178
PuTTY (32-bit) application is installed on Windows machine. oval:org.secpod.oval:def:72124 The host is installed with Putty before 0.75 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle the execution of a simple command to repeatedly change the terminals title. Successful exploitation could allow attackers to make the r ... oval:org.secpod.oval:def:58809 The host is installed with Putty before 0.73 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle the bracketed paste mode protection mechanism. Successful exploitation could allows attackers to listen on the same port to steal an ... oval:org.secpod.oval:def:53581 The host is installed with Putty before 0.71 and is prone to an application hijack vulnerability. A flaw is present in the application, which fails to properly handle a malicious help file. Successful exploitation could allow attackers to hijack the application. oval:org.secpod.oval:def:39752 The host is installed with PuTTY before 0.68 and is prone to an unspecified vulnerability. A flaw is present in the ssh_agent_channel_data function, which fails to handle a large length value in an agent protocol message. Successful exploitation allows remote attackers to have unspecified impact. oval:org.secpod.oval:def:16587 The host is installed with PuTTY before 0.63 and is prone to buffer underflow vulnerability. The flaw is present in the modmul function in sshbn.c in PuTTY, which is not properly handled when performing certain bit-shifting operations during modular multiplication. Successful exploitation allows rem ... oval:org.secpod.oval:def:16588 The host is installed with PuTTY before 0.63 and is prone to buffer overflow vulnerability. The flaw is present in the application, which is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality. Successful exploi ... oval:org.secpod.oval:def:16585 The host is installed with PuTTY 0.53b or earlier and is prone to information disclosure vulnerability. The flaw is present in the application, which does not clear logon credentials from memory, including plaintext passwords. Successful exploitation could allow attackers with access to memory to st ... oval:org.secpod.oval:def:16586 The host is installed with PuTTY 0.59 through 0.61 and is prone to unspecified vulnerability. The flaw is present in the application, which does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication. Successful exploitation might allow lo ... oval:org.secpod.oval:def:16589 The host is installed with PuTTY before 0.63 and is prone to information disclosure vulnerability. The flaw is present in the rsa_verify function in PuTTY, which does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory. Successful ... oval:org.secpod.oval:def:16583 The host is installed with PuTTY before 0.56 and is prone to buffer overflow vulnerability. The flaw is present in the application, which fails to properly handle a SSH2_MSG_DEBUG packet with a modified stringlen parameter. Successful exploitation could allow remote attackers to execute arbitrary co ... oval:org.secpod.oval:def:16584 The host is installed with PuTTY 0.53 or earlier and is prone to arbitrary code execution vulnerability. The flaw is present in the application, which fails to properly handle a certain character escape sequence and then insert it back to the command line in the user's terminal. Successful exploitat ... oval:org.secpod.oval:def:16582 The host is installed with PuTTY before 0.55 and is prone to multiple heap-based buffer overflow vulnerabilities. The flaws are present in the application, which fails to properly handle an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to wri ... oval:org.secpod.oval:def:33357 The host is installed with PuTTY before 0.66 and is prone to an integer overflow vulnerability. The flaw is present in the application, which fails to handle an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow. Successful exploitation could allow ... oval:org.secpod.oval:def:34009 The host is installed with PuTTY before 0.67 and is prone to a stack-based buffer overflow vulnerability. A flaw is present in the SCP command-line utility, which fails to handle a crafted SCP-SINK file-size response to an SCP download request. Successful exploitation allows remote servers to cause ... oval:org.secpod.oval:def:33712 The host is installed with PuTTY 0.51 through 0.63 and is prone to an information disclosure vulnerability. The flaw is present in the (1) ssh2_load_userkey and (2) ssh2_save_userkey functions, which do not properly wipe SSH-2 private keys from memory. Successful exploitation allows local users to o ... oval:org.secpod.oval:def:15942 The host is installed with WinSCP before 5.1.6 or PuTTY 0.62 and earlier and is prone to an integer overflow vulnerability. The flaw is present in the application, which fails to handle a negative size value in an RSA key signature during the SSH handshake. Successful exploitation could allow attack ... oval:org.secpod.oval:def:58808 The host is installed with Putty before 0.73 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle port-forwarding listening sockets. Successful exploitation could allows attackers to listen on the same port to steal an incoming ... oval:org.secpod.oval:def:53580 The host is installed with Putty before 0.71 and is prone to a memory Overwrite vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:53583 The host is installed with Putty before 0.71 and is prone to a random number prediction vulnerability. A flaw is present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to predict random numbers being generated. oval:org.secpod.oval:def:53582 The host is installed with Putty before 0.71 and is prone to multiple denial of service vulnerabilities. The flaws are present in the application, which fails to properly handle crafted data. Successful exploitation could allow attackers to crash the application. oval:org.secpod.oval:def:50193 The host is installed with OpenSSH through 7.9p1 or putty through 0.70 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an issue in the scp client utility. Successful exploitation could allow a malicious server to manipulate the cl ... oval:org.secpod.oval:def:50194 The host is installed with OpenSSH through 7.9p1 or putty through 0.70 is prone to a security bypass vulnerability. A flaw is present in the application, which fails to properly handle an issue in the scp client utility. Successful exploitation could allow a malicious server to manipulate the client ... oval:org.secpod.oval:def:63982 The host is installed with Putty 0.68 through 0.73 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly handle algorithm negotiation. Successful exploitation could allows man-in-the-middle attackers to target initial connection attemp ... oval:org.secpod.oval:def:58810 The host is installed with Putty before 0.73 and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an SSH1_MSG_DISCONNECT message. Successful exploitation could allows attackers to cause a denial of service by accessing freed memory l ... |