14 matches found
FileZilla < 3.67.0 Insecure Key Recovery Vulnerability (CVE-2024-31497)
The FileZilla application installed on the remote host is prior to 3.67.0. It is, therefore, affected by a key recovery vulnerability where biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. Note that Nessu...
[SECURITY] [DLA 3839-1] putty security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3839-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 20, 2024 https://wiki.debian.org/LTS -...
Fedora: Security Advisory for putty (FEDORA-2024-08a4a5ead8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-cba85cc558)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for libfilezilla (FEDORA-2024-ff9a2fb31c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 38 : filezilla / libfilezilla (2024-0489e7ba1e)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-0489e7ba1e advisory. Fix for CVE-2024-31497 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
openSUSE Security Advisory (openSUSE-SU-2024:0111-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
OPENSUSE-SU-2024:0111-1 Security update for putty
This update for putty fixes the following issues: Update to release 0.81 Fix CVE-2024-31497: NIST P521 / ecdsa-sha2-nistp521 signatures are no longer generated with biased values of k. The previous bias compromises private keys...
Security update for putty (important)
openSUSE Security Update: Security update for putty Announcement ID: openSUSE-SU-2024:0111-1 Rating: important References: Cross-References: CVE-2024-31497 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes one vulnerability is now available. Description: This update for putty...
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
The maintainers of the PuTTY Secure Shell SSH and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 ecdsa-sha2-nistp521 private keys. The flaw has been assigned the CVE identifier...
CVE-2024-31497
creationtimestamp| type| source ---|---|--- 2024-04-16 08:46:23+00:00| seen| https://t.me/habrcomnews/26965 2024-04-16 14:06:21+00:00| seen| https://t.me/KomunitiSiber/1793 2024-04-16 14:12:39+00:00| seen| https://t.me/RedTeamFeed/267 2024-04-16 14:49:01+00:00| seen|...
FreeBSD : PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key (080936ba-fbb7-11ee-abc8-6960f2492b1d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 080936ba-fbb7-11ee-abc8-6960f2492b1d advisory. - In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a...
KLA73523 OSI vulnerability in WinSCP
Information disclosure vulnerability was found in WinSCP. Malicious users can exploit this vulnerability to obtain sensitive information, bypass security restrictions. Original advisories Changes in WinSCP 6.3.3 Exploitation Public exploits exist for this vulnerability. Related products WinSCP CV...
KLA65600 OSI vulnerability in FileZilla
Information disclosure vulnerability was found in FileZilla. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories oss-security – CVE-2024-31497: Secret Key Recovery of NIST P-521 Private Keys Through Biased ECDSA Nonces in PuTTY Client Exploitation...