CyberSecurityBoard
Sponsor Register Login

CVE-2024-6387

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Publication date: Mon, 01 Jul 2024 00:00:00 +0000


Cyber News related to CVE-2024-6387

Threat Brief: CVE-2024-6387 OpenSSH RegreSSHion Vulnerability - On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers on glibc-based Linux systems. Using Palo Alto Networks Xpanse data, we observed 23 million instances of OpenSSH servers including all versions. ...
9 months ago Unit42.paloaltonetworks.com CVE-2024-6387 CVE-2006-5051 CVE-2008-4109
Critical OpenSSH vulnerability could affect millions of servers - Qualys disclosed a critical OpenSSH vulnerability and warned that more than 14 million potentially vulnerable server instances are exposed to the internet. In a blog post on Monday, Bharat Jogi, senior director of Qualys' Threat Research Unit, ...
9 months ago Techtarget.com CVE-2024-6387 CVE-2006-5051 CVE-2008-4109 CVE-2006- 5051
New regreSSHion OpenSSH RCE bug gives root on Linux servers - OpenSSH is a suite of networking utilities based on the Secure Shell protocol. It is extensively used for secure remote login, remote server management and administration, and file transfers via SCP and SFTP. The flaw, discovered by researchers at ...
9 months ago Bleepingcomputer.com CVE-2024-6387 CVE-2006-5051 CVE-2008-4109
Millions of OpenSSH Servers Potentially Vulnerable to Remote regreSSHion Attack - Millions of OpenSSH servers could be affected by a newly disclosed vulnerability that can be exploited for unauthenticated remote code execution. The flaw, tracked as CVE-2024-6387 and named regreSSHion, was discovered by the threat research unit at ...
9 months ago Securityweek.com CVE-2024-6387 CVE-2006-5051
Citrix NetScaler Vulnerability Allows Unauthorized Command Execution - Cloud Software Group issued urgent patches on February 18, 2025, for a high-severity vulnerability (CVE-2024-12284) affecting its NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. While exploitation requires existing access to the ...
2 months ago Cybersecuritynews.com CVE-2024-12284 CVE-2024-20341 CVE-2024-6387
AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
6 months ago Feeds.dzone.com
CVE-2024-6409 - A signal handler race condition vulnerability was found in OpenSSH's server (sshd) in Red Hat Enterprise Linux 9, where a client does not authenticate within LoginGraceTime seconds (120 by default, 600 in old OpenSSH versions), then sshd's ...
9 months ago
CVE-2024-7589 - A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context ...
8 months ago
SSH "regreSSHion" Remote Code Execution Vulnerability in OpenSSH. - Qualys published a blog posts with details regarding a critical remote code execution vulnerability. The CVEs associated with this vulnerability are CVE-2006-5051 and CVE-2024-6387, The reason for the two CVE numbers and the use of the old 2006 CVE ...
9 months ago Isc.sans.edu CVE-2006-5051 CVE-2024-6387
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server - The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH's server in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler ...
9 months ago Blog.qualys.com CVE-2024-6387 CVE-2006-5051
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server - The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH's server in glibc-based Linux systems. CVE assigned to this vulnerability is CVE-2024-6387. The vulnerability, which is a signal handler ...
9 months ago Packetstormsecurity.com CVE-2024-6387 CVE-2006-5051
CVE-2024-6387 - A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing ...
7 months ago
CVE-2013-6387 - Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field. ...
11 years ago
CVE-2017-6387 - The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DEX file. ...
8 years ago
CVE-2006-6387 - Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to ...
7 years ago
CVE-2015-6387 - Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573. ...
1 year ago
CVE-2007-6387 - Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote ...
7 years ago
CVE-2008-6387 - Quick Tree View .NET 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to qtv.mdb. ...
7 years ago
CVE-2001-0581 - Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387. ...
7 years ago
CVE-2018-6387 - iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded password of admin for the admin account, a hardcoded password of support for the support account, and a hardcoded password of user for the user account. ...
7 years ago
CVE-2020-6387 - Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. ...
5 years ago
CVE-2014-6387 - gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind. ...
4 years ago
CVE-2016-6387 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none ...
55 years ago Tenable.com
CVE-2023-6387 - A potential buffer overflow exists in the Bluetooth LE HCI CPC sample application in the Gecko SDK which may result in a denial of service or remote code execution ...
1 year ago Tenable.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)