putty (SUSE:Package Hub 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 package putty, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2019-9895 — CVSS 9.8 (critical): In PuTTY versions before 0.71 on Unix, a remotely triggerable buffer overflow exists in any kind of server-to-client forwarding.
CVE-2019-9896 — CVSS 7.8 (high): In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same…
CVE-2019-9894 — CVSS 7.5 (high): A remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before host key verification.
CVE-2019-17068 — CVSS 7.5 (high): PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious…
CVE-2019-9897 — CVSS 7.5 (high): Multiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY versions before 0.71.
CVE-2019-17069 — CVSS 7.5 (high): PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an…