36 results (0.015 seconds)

CVSS: 8.1EPSS: 0%CPEs: 54EXPL: 44

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anteriores de OpenSSH), luego se llama al controlador SIGALRM de sshd de forma asincrónica. Sin embargo, este controlador de señales llama a varias funciones que no son seguras para señales asíncronas, por ejemplo, syslog(). • https://github.com/l0n3m4n/CVE-2024-6387 https://github.com/thegenetic/CVE-2024-6387-exploit https://github.com/d0rb/CVE-2024-6387 https://github.com/devarshishimpi/CVE-2024-6387-Check https://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387 https://github.com/Symbolexe/CVE-2024-6387 https://github.com/xonoxitron/regreSSHion https://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit https://github.com/4lxprime/regreSSHive https://github.com/shamo0/CVE-2024-6387_PoC https:&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. En NetBSD versiones hasta 9.2, el algoritmo de generación de ID de fragmentos IPv6 emplea un PRNG criptográfico débil • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2021-001.txt.asc https://arxiv.org/pdf/2112.09604.pdf • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures. En NetBSD versiones hasta 9.2, el algoritmo de generación de IPv4 ID no usa medidas criptográficas apropiadas • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2021-001.txt.asc https://arxiv.org/pdf/2112.09604.pdf • CWE-330: Use of Insufficiently Random Values •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. En NetBSD versiones hasta 9.2, se presenta un filtrado de información en el algoritmo de generación de TCP ISN (ISS) • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2021-001.txt.asc https://arxiv.org/pdf/2112.09604.pdf • CWE-330: Use of Insufficiently Random Values •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG. En NetBSD versiones hasta 9.2, el algoritmo de generación de etiquetas de flujo IPv6 emplea un PRNG criptográfico débil • http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2021-001.txt.asc https://arxiv.org/pdf/2112.09604.pdf • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •