CVE-2024-31497
https://notcve.org/view.php?id=CVE-2024-31497
In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git.
•
https://github.com/sh1k4ku/CVE-2024-31497
https://github.com/HugoBond/CVE-2024-31497-POC
http://www.openwall.com/lists/oss-security/2024/04/15/6
https://bugzilla.redhat.com/show_bug.cgi?id=2275183
https://bugzilla.suse.com/show_bug.cgi?id=1222864
https://docs.ccv.brown.edu/oscar/connecting-to-oscar/ssh/ssh-agent-forwarding/key-generation-and-agent-forwarding-with-putty
https://filezilla-project.org/versions.php
https://git.tartarus.org/?h=c193fe9848f50a88a4089aac647fecc31ae96d27&p=sim
• CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2010-3199
https://notcve.org/view.php?id=CVE-2010-3199
Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Tortoise. NOTE: this is only a vulnerability when a file extension is associated with TortoiseProc or TortoiseMerge, which is not the default.
•
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653163
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2653202&orderBy=createDate&orderType=desc
http://www.securityfocus.com/archive/1/513442/100/0/threaded
http://www.securityfocus.com/archive/1/513463/100/0/threaded
• CWE-264: Permissions, Privileges, and Access Controls