[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-36367":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":341,"aliases":342,"duplicate_of":9,"upstream":343,"downstream":344,"duplicates":353,"related":354,"reserved_at":9,"published_at":355,"modified_at":356,"state":357,"summary":358,"references_raw":367,"kevs":389,"epss":390,"epss_history":393,"metrics":651,"affected":664},"CVE-2021-36367","PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-345","Insufficient Verification of Data Authenticity","The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.","weakness","Draft","Class",[19,23,76,88,109,113,117,121,125,129,133,337],{"id":20,"name":21,"techniques":22},"CAPEC-111","JSON Hijacking (aka JavaScript Hijacking)",[],{"id":24,"name":25,"techniques":26},"CAPEC-141","Cache Poisoning",[27],{"id":28,"name":29,"tactics":30,"countermeasures":37},"T1557.002","ARP Cache Poisoning",[31,34],{"id":32,"name":33},"TA0031","Credential Access",{"id":35,"name":36},"TA0100","Collection",[38,43,47,51,55,59,63,67,71],{"id":39,"name":40,"tactic":41},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":42},"Detect",{"id":44,"name":45,"tactic":46},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":42},{"id":48,"name":49,"tactic":50},"D3-CSPP","Client-server Payload Profiling",{"name":42},{"id":52,"name":53,"tactic":54},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":42},{"id":56,"name":57,"tactic":58},"D3-NTSA","Network Traffic Signature Analysis",{"name":42},{"id":60,"name":61,"tactic":62},"D3-APCA","Application Protocol Command Analysis",{"name":42},{"id":64,"name":65,"tactic":66},"D3-NTCD","Network Traffic Community Deviation",{"name":42},{"id":68,"name":69,"tactic":70},"D3-RTSD","Remote Terminal Session Detection",{"name":42},{"id":72,"name":73,"tactic":74},"D3-NTF","Network Traffic Filtering",{"name":75},"Isolate",{"id":77,"name":78,"techniques":79},"CAPEC-142","DNS Cache Poisoning",[80],{"id":81,"name":82,"tactics":83,"countermeasures":87},"T1584.002","DNS Server",[84],{"id":85,"name":86},"TA0042","Resource Development",[],{"id":89,"name":90,"techniques":91},"CAPEC-148","Content Spoofing",[92],{"id":93,"name":94,"tactics":95,"countermeasures":99},"T1491","Defacement",[96],{"id":97,"name":98},"TA0105","Impact",[100,105],{"id":101,"name":102,"tactic":103},"D3-DNR","Decoy Network Resource",{"name":104},"Deceive",{"id":106,"name":107,"tactic":108},"D3-NRAM","Network Resource Access Mediation",{"name":75},{"id":110,"name":111,"techniques":112},"CAPEC-218","Spoofing of UDDI/ebXML Messages",[],{"id":114,"name":115,"techniques":116},"CAPEC-384","Application API Message Manipulation via Man-in-the-Middle",[],{"id":118,"name":119,"techniques":120},"CAPEC-385","Transaction or Event Tampering via Application API Manipulation",[],{"id":122,"name":123,"techniques":124},"CAPEC-386","Application API Navigation Remapping",[],{"id":126,"name":127,"techniques":128},"CAPEC-387","Navigation Remapping To Propagate Malicious Content",[],{"id":130,"name":131,"techniques":132},"CAPEC-388","Application API Button Hijacking",[],{"id":134,"name":135,"techniques":136},"CAPEC-665","Exploitation of Thunderbolt Protection Flaws",[137,173,213],{"id":138,"name":139,"tactics":140,"countermeasures":147},"T1211","Exploitation for Stealth",[141,144],{"id":142,"name":143},"TA0030","Defense Evasion",{"id":145,"name":146},"TA0005","Stealth",[148,152,156,160,165,169],{"id":149,"name":150,"tactic":151},"D3-MBT","Memory Boundary Tracking",{"name":42},{"id":153,"name":154,"tactic":155},"D3-PCSV","Process Code Segment Verification",{"name":42},{"id":157,"name":158,"tactic":159},"D3-SSC","Shadow Stack Comparisons",{"name":42},{"id":161,"name":162,"tactic":163},"D3-PSEP","Process Segment Execution Prevention",{"name":164},"Harden",{"id":166,"name":167,"tactic":168},"D3-SAOR","Segment Address Offset Randomization",{"name":164},{"id":170,"name":171,"tactic":172},"D3-SFCV","Stack Frame Canary Validation",{"name":164},{"id":174,"name":175,"tactics":176,"countermeasures":182},"T1542.002","Component Firmware",[177,178,179],{"id":142,"name":143},{"id":145,"name":146},{"id":180,"name":181},"TA0110","Persistence",[183,188,192,196,200,204,208],{"id":184,"name":185,"tactic":186},"D3-SWI","Software Inventory",{"name":187},"Model",{"id":189,"name":190,"tactic":191},"D3-AVE","Asset Vulnerability Enumeration",{"name":187},{"id":193,"name":194,"tactic":195},"D3-FEMC","Firmware Embedded Monitoring Code",{"name":42},{"id":197,"name":198,"tactic":199},"D3-FV","Firmware Verification",{"name":42},{"id":201,"name":202,"tactic":203},"D3-FBA","Firmware Behavior Analysis",{"name":42},{"id":205,"name":206,"tactic":207},"D3-SU","Software Update",{"name":164},{"id":209,"name":210,"tactic":211},"D3-RS","Restore Software",{"name":212},"Restore",{"id":214,"name":215,"tactics":216,"countermeasures":223},"T1556","Modify Authentication Process",[217,218,221,222],{"id":142,"name":143},{"id":219,"name":220},"TA0112","Defense Impairment",{"id":180,"name":181},{"id":32,"name":33},[224,228,232,236,240,244,248,252,256,260,265,269,273,277,281,285,289,293,297,301,305,309,313,317,321,325,329,333],{"id":225,"name":226,"tactic":227},"D3-CI","Configuration Inventory",{"name":187},{"id":229,"name":230,"tactic":231},"D3-NTPM","Network Traffic Policy Mapping",{"name":187},{"id":233,"name":234,"tactic":235},"D3-AM","Access Modeling",{"name":187},{"id":237,"name":238,"tactic":239},"D3-FA","File Analysis",{"name":42},{"id":241,"name":242,"tactic":243},"D3-FIM","File Integrity Monitoring",{"name":42},{"id":245,"name":246,"tactic":247},"D3-PLA","Process Lineage Analysis",{"name":42},{"id":249,"name":250,"tactic":251},"D3-PSMD","Process Self-Modification Detection",{"name":42},{"id":253,"name":254,"tactic":255},"D3-PSA","Process Spawn Analysis",{"name":42},{"id":257,"name":258,"tactic":259},"D3-SFA","System File Analysis",{"name":42},{"id":261,"name":262,"tactic":263},"D3-FEV","File Eviction",{"name":264},"Evict",{"id":266,"name":267,"tactic":268},"D3-PT","Process Termination",{"name":264},{"id":270,"name":271,"tactic":272},"D3-PS","Process Suspension",{"name":264},{"id":274,"name":275,"tactic":276},"D3-HR","Host Reboot",{"name":264},{"id":278,"name":279,"tactic":280},"D3-HS","Host Shutdown",{"name":264},{"id":282,"name":283,"tactic":284},"D3-DF","Decoy File",{"name":104},{"id":286,"name":287,"tactic":288},"D3-FE","File Encryption",{"name":164},{"id":290,"name":291,"tactic":292},"D3-RF","Restore File",{"name":212},{"id":294,"name":295,"tactic":296},"D3-RC","Restore Configuration",{"name":212},{"id":298,"name":299,"tactic":300},"D3-CF","Content Filtering",{"name":75},{"id":302,"name":303,"tactic":304},"D3-LFP","Local File Permissions",{"name":75},{"id":306,"name":307,"tactic":308},"D3-RFAM","Remote File Access Mediation",{"name":75},{"id":310,"name":311,"tactic":312},"D3-CQ","Content Quarantine",{"name":75},{"id":314,"name":315,"tactic":316},"D3-CM","Content Modification",{"name":75},{"id":318,"name":319,"tactic":320},"D3-KBPI","Kernel-based Process Isolation",{"name":75},{"id":322,"name":323,"tactic":324},"D3-SCF","System Call Filtering",{"name":75},{"id":326,"name":327,"tactic":328},"D3-HBPI","Hardware-based Process Isolation",{"name":75},{"id":330,"name":331,"tactic":332},"D3-ABPI","Application-based Process Isolation",{"name":75},{"id":334,"name":335,"tactic":336},"D3-WSAM","Web Session Access Mediation",{"name":75},{"id":338,"name":339,"techniques":340},"CAPEC-701","Browser in the Middle (BiTM)",[],[],[],[],[345,347,349,351],{"_key":346},"ALPINE-CVE-2021-36367",{"_key":348},"UBUNTU-CVE-2021-36367",{"_key":350},"DLA-3794-1",{"_key":352},"DEBIAN-CVE-2021-36367",[],[],"2021-07-09T00:00:00.000Z","2024-08-04T00:54:51.472Z","Modified",{"cisa_kev":359,"cisa_ransomware":359,"cisa_vendor":9,"epss_severity":360,"epss_score":361,"severity":362,"severity_score":363,"severity_version":364,"severity_source":365,"severity_vector":366,"severity_status":357},false,"low",0.00135,"high",8.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",[368,375,379,384],{"url":369,"sources":370,"tags":372},"https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",[365,371],"nvd",[373,374],"Release Notes","Third Party Advisory",{"url":376,"sources":377,"tags":378},"https://git.tartarus.org/?p=simon/putty.git%3Ba=commit%3Bh=1dc5659aa62848f0aeb5de7bd3839fecc7debefa",[365,371],[],{"url":380,"sources":381,"tags":382},"https://www.debian.org/security/2023/dsa-5588",[365,371],[383],"Vendor Advisory",{"url":385,"sources":386,"tags":387},"https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html",[365,371],[388],"Mailing List",[],{"date":391,"score":361,"percentile":392},"2026-06-04",0.33036,[394,397,400,403,406,409,412,415,418,420,423,426,429,432,435,439,442,445,447,450,453,456,459,462,465,467,470,473,476,479,481,484,487,490,493,496,499,501,504,507,510,513,516,518,521,524,527,530,532,535,537,540,543,546,549,552,555,558,561,564,567,570,573,575,578,581,583,585,588,591,593,596,599,602,605,607,610,613,616,619,622,624,627,630,633,636,639,642,645,648],{"date":395,"score":361,"percentile":396},"2025-11-04",0.33987,{"date":398,"score":361,"percentile":399},"2025-11-05",0.33978,{"date":401,"score":361,"percentile":402},"2025-11-06",0.3398,{"date":404,"score":361,"percentile":405},"2025-11-07",0.33998,{"date":407,"score":361,"percentile":408},"2025-11-08",0.33993,{"date":410,"score":361,"percentile":411},"2025-11-09",0.33973,{"date":413,"score":361,"percentile":414},"2025-11-10",0.3392,{"date":416,"score":361,"percentile":417},"2025-11-11",0.33946,{"date":419,"score":361,"percentile":408},"2025-11-12",{"date":421,"score":361,"percentile":422},"2025-11-13",0.34008,{"date":424,"score":361,"percentile":425},"2025-11-14",0.34014,{"date":427,"score":361,"percentile":428},"2025-11-15",0.34013,{"date":430,"score":361,"percentile":431},"2025-11-16",0.33984,{"date":433,"score":361,"percentile":434},"2025-11-17",0.33958,{"date":436,"score":437,"percentile":438},"2025-11-18",0.00126,0.26901,{"date":440,"score":437,"percentile":441},"2025-11-19",0.26925,{"date":443,"score":437,"percentile":444},"2025-11-20",0.26931,{"date":446,"score":361,"percentile":408},"2025-11-21",{"date":448,"score":361,"percentile":449},"2025-11-22",0.33996,{"date":451,"score":361,"percentile":452},"2025-11-23",0.33963,{"date":454,"score":361,"percentile":455},"2025-11-24",0.33939,{"date":457,"score":361,"percentile":458},"2025-11-25",0.33933,{"date":460,"score":361,"percentile":461},"2025-11-26",0.33931,{"date":463,"score":361,"percentile":464},"2025-11-27",0.3394,{"date":466,"score":361,"percentile":414},"2025-11-28",{"date":468,"score":361,"percentile":469},"2025-11-29",0.33903,{"date":471,"score":361,"percentile":472},"2025-11-30",0.33882,{"date":474,"score":361,"percentile":475},"2025-12-01",0.33982,{"date":477,"score":361,"percentile":478},"2025-12-02",0.33997,{"date":480,"score":361,"percentile":449},"2025-12-03",{"date":482,"score":361,"percentile":483},"2025-12-04",0.3389,{"date":485,"score":361,"percentile":486},"2025-12-05",0.33924,{"date":488,"score":361,"percentile":489},"2025-12-06",0.33925,{"date":491,"score":361,"percentile":492},"2025-12-07",0.33905,{"date":494,"score":361,"percentile":495},"2025-12-08",0.33918,{"date":497,"score":361,"percentile":498},"2025-12-09",0.33959,{"date":500,"score":361,"percentile":425},"2025-12-10",{"date":502,"score":361,"percentile":503},"2025-12-11",0.34036,{"date":505,"score":361,"percentile":506},"2025-12-12",0.34065,{"date":508,"score":361,"percentile":509},"2025-12-13",0.34046,{"date":511,"score":361,"percentile":512},"2025-12-14",0.34019,{"date":514,"score":361,"percentile":515},"2025-12-15",0.33972,{"date":517,"score":361,"percentile":405},"2025-12-16",{"date":519,"score":361,"percentile":520},"2025-12-17",0.3405,{"date":522,"score":361,"percentile":523},"2025-12-18",0.341,{"date":525,"score":361,"percentile":526},"2025-12-19",0.34121,{"date":528,"score":361,"percentile":529},"2025-12-20",0.34104,{"date":531,"score":361,"percentile":509},"2025-12-21",{"date":533,"score":361,"percentile":534},"2025-12-22",0.34017,{"date":536,"score":361,"percentile":425},"2025-12-23",{"date":538,"score":361,"percentile":539},"2025-12-24",0.34009,{"date":541,"score":361,"percentile":542},"2025-12-25",0.34074,{"date":544,"score":361,"percentile":545},"2025-12-26",0.34054,{"date":547,"score":361,"percentile":548},"2025-12-27",0.34072,{"date":550,"score":361,"percentile":551},"2025-12-28",0.33967,{"date":553,"score":361,"percentile":554},"2025-12-29",0.33935,{"date":556,"score":361,"percentile":557},"2025-12-30",0.33927,{"date":559,"score":361,"percentile":560},"2025-12-31",0.33979,{"date":562,"score":361,"percentile":563},"2026-01-01",0.34133,{"date":565,"score":361,"percentile":566},"2026-01-02",0.34123,{"date":568,"score":361,"percentile":569},"2026-01-03",0.34109,{"date":571,"score":361,"percentile":572},"2026-01-04",0.3396,{"date":574,"score":361,"percentile":464},"2026-01-05",{"date":576,"score":361,"percentile":577},"2026-01-06",0.33951,{"date":579,"score":361,"percentile":580},"2026-01-07",0.33969,{"date":582,"score":361,"percentile":449},"2026-01-08",{"date":584,"score":361,"percentile":408},"2026-01-09",{"date":586,"score":361,"percentile":587},"2026-01-10",0.33994,{"date":589,"score":361,"percentile":590},"2026-01-11",0.33971,{"date":592,"score":361,"percentile":469},"2026-01-12",{"date":594,"score":361,"percentile":595},"2026-01-13",0.33889,{"date":597,"score":361,"percentile":598},"2026-01-14",0.33929,{"date":600,"score":361,"percentile":601},"2026-01-15",0.33922,{"date":603,"score":361,"percentile":604},"2026-01-16",0.33944,{"date":606,"score":361,"percentile":557},"2026-01-17",{"date":608,"score":361,"percentile":609},"2026-01-18",0.33868,{"date":611,"score":361,"percentile":612},"2026-01-19",0.3383,{"date":614,"score":361,"percentile":615},"2026-01-20",0.33813,{"date":617,"score":361,"percentile":618},"2026-01-21",0.33773,{"date":620,"score":361,"percentile":621},"2026-01-22",0.33751,{"date":623,"score":361,"percentile":615},"2026-01-23",{"date":625,"score":361,"percentile":626},"2026-01-24",0.33823,{"date":628,"score":361,"percentile":629},"2026-01-25",0.3376,{"date":631,"score":361,"percentile":632},"2026-01-26",0.33675,{"date":634,"score":361,"percentile":635},"2026-01-27",0.33665,{"date":637,"score":361,"percentile":638},"2026-01-28",0.33644,{"date":640,"score":361,"percentile":641},"2026-01-29",0.33605,{"date":643,"score":361,"percentile":644},"2026-01-30",0.33592,{"date":646,"score":361,"percentile":647},"2026-01-31",0.336,{"date":649,"score":361,"percentile":650},"2026-02-01",0.33698,[652,657],{"source":365,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":653,"cvss_v4_0":9},{"baseScore":363,"baseSeverity":654,"vectorString":366,"impactScore":655,"exploitabilityScore":656},"HIGH",8.7,7.2,{"source":371,"cvss_v2_0":658,"cvss_v3_0":9,"cvss_v3_1":663,"cvss_v4_0":9},{"baseScore":659,"baseSeverity":9,"vectorString":660,"impactScore":661,"exploitabilityScore":662},5.8,"AV:N/AC:M/Au:N/C:P/I:P/A:N",4.9,8.6,{"baseScore":363,"baseSeverity":654,"vectorString":366,"impactScore":655,"exploitabilityScore":656},[665],{"ecosystem":9,"name":666,"vendor":666,"product":666,"cpe_part":667,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":668},"putty","a",[669],{"version":670,"is_range":671,"range_type":672,"version_start":9,"version_start_type":9,"version_end":673,"version_end_type":674,"fixed_in":9},"lte0.75",true,"cpe","0.75","including"]