Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-202407-11
HistoryJul 05, 2024 - 12:00 a.m.

PuTTY: Multiple Vulnerabilities

2024-07-0500:00:00
Gentoo Foundation
security.gentoo.org
11
putty
telnet
ssh
windows
unix
terminal emulator
vulnerabilities
cve
upgrade
keys

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

10

Confidence

High

EPSS

0.965

Percentile

99.6%

JSON

Background

PuTTY is a free implementation of Telnet and SSH for Windows and Unix platforms, along with an xterm terminal emulator.

Description

Multiple vulnerabilities have been discovered in PuTTY. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All PuTTY users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/putty-0.81"

In addition, any keys generated with PuTTY versions 0.68 to 0.80 should be considered breached and should be regenerated.

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/putty< 0.81UNKNOWN

Related

nessus 54
openvas 24
alpinelinux 2
cvelist 1
githubexploit 1
freebsd 1
veracode 1
fedora 14
cve 1
osv 58
redos 2
vulnrichment 1
thn 1
debiancve 1
nvd 1
citrix 1
kaspersky 2
mageia 4
ubuntucve 2
cbl_mariner 4
ubuntu 3
debian 2
oraclelinux 3
ibm 5
redhat 5
amazon 1
almalinux 1
github 1
atlassian 1
cloudfoundry 1
nessus
nessus
GLSA-202407-11 : PuTTY: Multiple Vulnerabilities
2024-07-05 00:00:00
Fedora 39 : putty (2024-cba85cc558)
2024-04-26 00:00:00
PuTTY < 0.81 Key Recovery Attack Vulnerability
2024-04-17 00:00:00
openvas
openvas
Fedora: Security Advisory for filezilla (FEDORA-2024-0489e7ba1e)
2024-05-27 00:00:00
Mageia: Security Advisory (MGASA-2024-0140)
2024-04-22 00:00:00
Fedora: Security Advisory for libfilezilla (FEDORA-2024-0489e7ba1e)
2024-05-27 00:00:00
alpinelinux
alpinelinux
CVE-2024-31497
2024-04-15 20:15:11
CVE-2023-48795
2023-12-18 16:15:10
cvelist
cvelist
CVE-2024-31497
2024-04-15 00:00:00
githubexploit
githubexploit
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Putty
2024-05-10 14:30:50
freebsd
freebsd
PuTTY and embedders (f.i., filezilla) -- biased RNG with NIST P521/ecdsa-sha2-nistp521 signatures permits recovering private key
2024-04-01 00:00:00
veracode
veracode
Biased ECDSA Nonce Generation
2024-04-17 12:02:23
fedora
fedora
[SECURITY] Fedora 39 Update: libfilezilla-0.47.0-1.fc39
2024-04-18 01:12:28
[SECURITY] Fedora 39 Update: filezilla-3.67.0-1.fc39
2024-04-18 01:12:28
[SECURITY] Fedora 40 Update: libfilezilla-0.47.0-1.fc40
2024-04-23 16:42:39
cve
cve
CVE-2024-31497
2024-04-15 20:15:11
osv
osv
CVE-2024-31497
2024-04-15 20:15:11
putty - security update
2024-06-20 00:00:00
Moderate: libssh security update
2024-01-31 00:00:00
redos
redos
ROS-20240503-08
2024-05-03 00:00:00
ROS-20240408-15
2024-04-08 00:00:00
vulnrichment
vulnrichment
CVE-2024-31497
2024-04-15 00:00:00
thn
thn
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
2024-04-16 11:14:00
debiancve
debiancve
CVE-2024-31497
2024-04-15 20:15:11
nvd
nvd
CVE-2024-31497
2024-04-15 20:15:11
citrix
citrix
Citrix Hypervisor Security Update for CVE-2024-31497
2024-05-08 16:47:45
kaspersky
kaspersky
KLA65600 OSI vulnerability in FileZilla
2024-04-15 00:00:00
KLA65599 OSI vulnerability in PuTTY
2024-04-15 00:00:00
mageia
mageia
Updated putty & filezilla packages fix security vulnerability
2024-04-20 21:11:17
Updated putty package fixes a security vulnerability (Terrapin attack)
2024-01-08 13:12:44
Updated dropbear package fixes a security vulnerability
2024-01-08 22:01:05
ubuntucve
ubuntucve
CVE-2024-31497
2024-04-15 00:00:00
CVE-2023-48795
2023-12-18 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-48795 affecting package openssh for versions less than 8.9p1-4
2024-01-19 03:54:24
CVE-2023-48795 affecting package kubevirt for versions less than null
2024-01-10 08:19:37
CVE-2023-48795 affecting package libssh for versions less than 0.10.6-1
2024-01-14 22:46:30
ubuntu
ubuntu
Paramiko vulnerability
2024-01-25 00:00:00
libssh2 vulnerability
2024-01-15 00:00:00
FileZilla vulnerability
2024-01-18 00:00:00
debian
debian
[SECURITY] [DLA 3718-1] php-phpseclib security update
2024-01-25 02:26:07
[SECURITY] [DSA 5600-1] php-phpseclib security update
2024-01-12 07:13:37
oraclelinux
oraclelinux
openssh security update
2024-03-19 00:00:00
buildah security update
2024-03-07 00:00:00
openssh security update
2024-03-18 00:00:00
ibm
ibm
Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2023-48795
2024-03-22 16:29:44
Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to a machine-in-the-middle attack due to Apache MINA SSHD (CVE-2023-48795)
2024-04-04 17:46:46
Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the paramiko package
2024-06-06 12:29:51
redhat
redhat
(RHSA-2024:2768) Moderate: Red Hat OpenStack Platform 17.1 (python-paramiko) security update
2024-05-22 20:34:42
(RHSA-2024:0499) Moderate: libssh security update
2024-01-25 15:19:29
(RHSA-2024:0625) Moderate: libssh security update
2024-01-31 08:08:23
amazon
amazon
Medium: openssh
2023-12-18 09:20:00
almalinux
almalinux
Moderate: libssh security update
2024-01-31 00:00:00
github
github
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
2023-12-18 19:22:09
atlassian
atlassian
CVE-2023-48795 vulnerability on SSH
2024-01-04 17:19:13
cloudfoundry
cloudfoundry
USN-6561-1: libssh vulnerability | Cloud Foundry
2024-04-04 00:00:00

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

10

Confidence

High

EPSS

0.965

Percentile

99.6%

JSON
Related for GLSA-202407-11
nessus54openvas24alpinelinux2cvelist1githubexploit1freebsd1veracode1fedora14cve1osv58redos2vulnrichment1thn1debiancve1nvd1citrix1kaspersky2mageia4ubuntucve2cbl_mariner4ubuntu3debian2oraclelinux3ibm5redhat5amazon1almalinux1github1atlassian1cloudfoundry1