Where
-Infinity
0

Trending

Last week
Last month
Last year

Vendor Risk Score

See how putty compares to other vendors in security performance

View Risk Score →

Putty PuTTYPuTTY 0.71 before 0.84 has an assertion failure in ECDSA signature verification.

Risk 20
Severity
3.7
First published (updated )
CVE-2026-48852

Putty PuTTYPuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the t…

Risk 17
Severity
3.1
First published (updated )
CVE-2026-48851

Putty PuTTYDouble Free

Risk 20
Severity
3.7
First published (updated )
CVE-2026-48850

oss-secPuTTY 0.84 leased with 3 minor security fixes

First published (updated )
https://seclists.org/oss-sec/2026/q2/688

Putty PuTTYPuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verification

Risk 15
Severity
2.9
EPSS
0.01%
First published (updated )
CVE-2026-4115
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

BleepingComputerPuTTY SSH client flaw allows recovery of cryptographic private keys

First published (updated )
News
BleepingComputer

CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client

First published (updated )
https://seclists.org/oss-sec/2024/q2/122

Fedoraproject FedoraSecret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client

Risk 27
Severity
5.9
EPSS
0.05%
First published (updated )
CVE-2024-31497

CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)

First published (updated )
https://seclists.org/oss-sec/2023/q4/297

Fortinet FortiSIEMOpenSSH Terrapin attack (CVE-2023-48795)

Risk 37
Severity
6
First published (updated )
CVE-2023-48795
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

debian/puttyPuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive…

Risk 59
Severity
8.1
First published (updated )
CVE-2021-36367

Putty PuTTYPuTTY before 0.75 on Windows allows remote servers to cause a denial of service (Windows GUI hang) b…

Risk 43
Severity
7.5
First published (updated )
CVE-2021-33500

Fedoraproject FedoraPuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorith…

Risk 35
Severity
5.9
First published (updated )
CVE-2020-14002

Putty PuTTYPuTTY before 0.73 on Windows improperly opens port-forwarding listening sockets, which allows attack…

Risk 86
Severity
9.8
First published (updated )
CVE-2019-17067

openSUSE LeapPuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a sess…

Risk 43
Severity
7.5
First published (updated )
CVE-2019-17068
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

openSUSE LeapUse After Free

Risk 43
Severity
7.5
First published (updated )
CVE-2019-17069

Fedoraproject FedoraPotential recycling of random numbers used in cryptography exists within PuTTY before 0.71.

Risk 86
Severity
9.8
First published (updated )
CVE-2019-9898

Fedoraproject FedoraMultiple denial-of-service attacks that can be triggered by writing to the terminal exist in PuTTY v…

Risk 43
Severity
7.5
First published (updated )
CVE-2019-9897

Putty PuTTYIn PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a …

Risk 69
Severity
7.8
First published (updated )
CVE-2019-9896

Putty PuTTYBuffer Overflow

Risk 86
Severity
9.8
First published (updated )
CVE-2019-9895
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Fedoraproject FedoraA remotely triggerable memory overwrite in RSA key exchange in PuTTY before 0.71 can occur before ho…

Risk 43
Severity
7.5
First published (updated )
CVE-2019-9894

Putty PuTTYBuffer Overflow

Risk 86
Severity
9.8
First published (updated )
CVE-2017-6542

Putty PuTTYMultiple untrusted search path vulnerabilities in Putty beta 0.67 allow local users to execute arbit…

Risk 68
Severity
7.8
First published (updated )
CVE-2016-6167

Putty PuTTYInfoleak

Risk 13
Severity
2.1
First published (updated )
CVE-2015-2157

Putty PuTTYBuffer Overflow

Risk 13
Severity
2.1
First published (updated )
CVE-2011-4607
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Putty PuTTYBuffer Overflow

Risk 22
Severity
4.3
First published (updated )
CVE-2013-4207

Putty PuTTYBuffer Overflow

Risk 47
Severity
6.8
First published (updated )
CVE-2013-4206

Putty PuTTYInfoleak

Risk 13
Severity
2.1
First published (updated )
CVE-2013-4208

WinSCP WinSCPBuffer Overflow, Integer Overflow

Risk 47
Severity
6.8
First published (updated )
CVE-2013-4852

Putty PuTTYPuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generate…

Risk 12
Severity
1.9
First published (updated )
CVE-2006-7162
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203