CVE-2023-6387

Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability - On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers on glibc-based Linux systems. Using Palo Alto Networks Xpanse data, we observed 23 million instances of OpenSSH servers including all versions. ...
10 months ago Unit42.paloaltonetworks.com CVE-2024-6387 CVE-2006-5051 CVE-2008-4109

Critical OpenSSH vulnerability could affect millions of servers - Qualys disclosed a critical OpenSSH vulnerability and warned that more than 14 million potentially vulnerable server instances are exposed to the internet. In a blog post on Monday, Bharat Jogi, senior director of Qualys' Threat Research Unit, ...
10 months ago Techtarget.com CVE-2024-6387 CVE-2006-5051 CVE-2008-4109 CVE-2006- 5051

New regreSSHion OpenSSH RCE bug gives root on Linux servers - OpenSSH is a suite of networking utilities based on the Secure Shell protocol. It is extensively used for secure remote login, remote server management and administration, and file transfers via SCP and SFTP. The flaw, discovered by researchers at ...
10 months ago Bleepingcomputer.com CVE-2024-6387 CVE-2006-5051 CVE-2008-4109

Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack - Millions of OpenSSH servers could be affected by a newly disclosed vulnerability that can be exploited for unauthenticated remote code execution. The flaw, tracked as CVE-2024-6387 and named regreSSHion, was discovered by the threat research unit at ...
10 months ago Securityweek.com CVE-2024-6387 CVE-2006-5051

Vulnerability Summary for the Week of November 27, 2023 - PrimaryVendor - Product apple - multiple products Description A memory corruption vulnerability was addressed with improved locking. Published 2023-12-01 CVSS Score not yet calculated Source & Patch Info CVE-2023-48842 PrimaryVendor - Product dell - ...
1 year ago Cisa.gov CVE-2023-48842 CVE-2023-43089 CVE-2023-39226 CVE-2023-46690 CVE-2023-47207 CVE-2023-46886 CVE-2023-48882 CVE-2023-49656 CVE-2023-28896 CVE-2023-48016 CVE-2023-49092 CVE-2023-2266 CVE-2023-2267 CVE-2023-31177 CVE-2023-34388 CVE-2023-34389 CVE-2023-48848 CVE-2023-4398

CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
10 months ago Tenable.com

CVE-2023-6387 - A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution ...
1 year ago Tenable.com

Patching Perforce perforations: Critical RCE vulnerability discovered in Perforce Helix Core Server - Sig 11,887 p4api vs2017 static openssl3 p4api-2023.1.2468153-vs2017 static. Sig 11,847 p4api vs2017 static p4api-2023.1.2468153-vs2017 static. Sig 10,187 p4api vs2017 static vsdebug openssl3 p4api-2023.1.2468153-vs2017 static vsdebug. Sig 10,147 ...
1 year ago Microsoft.com

SSH "regreSSHion" Remote Code Execution Vulnerability in OpenSSH. - Qualys published a blog posts with details regarding a critical remote code execution vulnerability. The CVEs associated with this vulnerability are CVE-2006-5051 and CVE-2024-6387, The reason for the two CVE numbers and the use of the old 2006 CVE ...
10 months ago Isc.sans.edu CVE-2006-5051 CVE-2024-6387

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server - The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH's server in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler ...
10 months ago Blog.qualys.com CVE-2024-6387 CVE-2006-5051

regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server - The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH's server in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler ...
10 months ago Packetstormsecurity.com CVE-2024-6387 CVE-2006-5051

Citrix NetScaler Vulnerability Allows Unauthorized Command Execution - Cloud Software Group issued urgent patches on February 18, 2025, for a high-severity vulnerability (CVE-2024-12284) affecting its NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. While exploitation requires existing access to the ...
2 months ago Cybersecuritynews.com CVE-2024-12284 CVE-2024-20341 CVE-2024-6387

CVE-2024-6387 - A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing ...
7 months ago

CVE-2024-6409 - A signal handler race condition vulnerability was found in OpenSSH's server (sshd) in Red Hat Enterprise Linux 9, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's ...
9 months ago

CVE-2024-7589 - A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context ...
8 months ago

CVE-2013-6387 - Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field. ...
11 years ago

CVE-2017-6387 - The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. ...
8 years ago

CVE-2006-6387 - Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to ...
7 years ago

CVE-2015-6387 - Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. ...
1 year ago

CVE-2007-6387 - Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote ...
7 years ago

CVE-2008-6387 - Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb. ...
7 years ago

CVE-2001-0581 - Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387. ...
7 years ago

CVE-2018-6387 - iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account. ...
7 years ago

CVE-2020-6387 - Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. ...
5 years ago

CVE-2014-6387 - gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind. ...
4 years ago