CVSS: 5.9EPSS: 15%CPEs: 8EXPL: 3CVE-2024-31497 – Gentoo Linux Security Advisory 202407-11
https://notcve.org/view.php?id=CVE-2024-31497
15 Apr 2024 — In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forw... • https://github.com/sh1k4ku/CVE-2024-31497 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 8.8EPSS: 3%CPEs: 1EXPL: 3CVE-2019-14422 – TortoiseSVN 1.12.1 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-14422
15 Aug 2019 — An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. • https://www.exploit-db.com/exploits/47252 •