rpm package
opensuse/filezilla&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/filezilla&distro=openSUSE%20Tumbleweed
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-31497 | — | | | < 3.67.0-1.1 | 3.67.0-1.1 | Apr 15, 2024 | In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by P |
| CVE-2019-5429 | — | | | < 3.55.1-1.2 | 3.55.1-1.2 | Apr 29, 2019 | Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. |
| CVE-2013-4852 | — | | | < 3.23.0.2-1.1 | 3.23.0.2-1.1 | Aug 19, 2013 | Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code in certain applications that use PuTTY via a negative size value in an RSA key sig |
| CVE-2013-4208 | — | | | < 3.23.0.2-1.1 | 3.23.0.2-1.1 | Aug 19, 2013 | The rsa_verify function in PuTTY before 0.63 (1) does not clear sensitive process memory after use and (2) does not free certain structures containing sensitive process memory, which might allow local users to discover private RSA and DSA keys. |
| CVE-2013-4207 | — | | | < 3.23.0.2-1.1 | 3.23.0.2-1.1 | Aug 19, 2013 | Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum funct |
| CVE-2013-4206 | — | | | < 3.23.0.2-1.1 | 3.23.0.2-1.1 | Aug 19, 2013 | Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service (crash) and possibly trigger memory corruption or code execution via a crafted DSA signature, which is not properly handled when performing ce |