CVSS: 8.1EPSS: 0%CPEs: 54EXPL: 44CVE-2024-6387 – Openssh: regresshion - race condition in ssh allows rce/dos
https://notcve.org/view.php?id=CVE-2024-6387
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anteriores de OpenSSH), luego se llama al controlador SIGALRM de sshd de forma asincrónica. Sin embargo, este controlador de señales llama a varias funciones que no son seguras para señales asíncronas, por ejemplo, syslog(). • https://github.com/l0n3m4n/CVE-2024-6387 https://github.com/thegenetic/CVE-2024-6387-exploit https://github.com/d0rb/CVE-2024-6387 https://github.com/devarshishimpi/CVE-2024-6387-Check https://github.com/AiGptCode/ssh_exploiter_CVE-2024-6387 https://github.com/Symbolexe/CVE-2024-6387 https://github.com/xonoxitron/regreSSHion https://github.com/PrincipalAnthony/CVE-2024-6387-Updated-x64bit https://github.com/4lxprime/regreSSHive https://github.com/shamo0/CVE-2024-6387_PoC https:&# • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 1CVE-2024-3049 – Booth: specially crafted hash can lead to invalid hmac being accepted by booth server
https://notcve.org/view.php?id=CVE-2024-3049
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server. Se encontró una falla en Booth, un administrador de tickets de clúster. Si se pasa un hash especialmente manipulado a gcry_md_get_algo_dlen(), es posible que el servidor Booth acepte un HMAC no válido. • https://github.com/truonghuuphuc/CVE-2024-30491-Poc https://access.redhat.com/errata/RHSA-2024:3657 https://access.redhat.com/errata/RHSA-2024:3658 https://access.redhat.com/errata/RHSA-2024:3659 https://access.redhat.com/errata/RHSA-2024:3660 https://access.redhat.com/errata/RHSA-2024:3661 https://access.redhat.com/errata/RHSA-2024:4400 https://access.redhat.com/errata/RHSA-2024:4411 https://access.redhat.com/security/cve/CVE-2024-3049 https://bugzilla.redhat.com/sho • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.5EPSS: 5%CPEs: 21EXPL: 1CVE-2023-50387 – bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator
https://notcve.org/view.php?id=CVE-2023-50387
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. Ciertos aspectos DNSSEC del protocolo DNS (en RFC 4035 y RFC relacionados) permiten a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de una o más respuestas DNSSEC cuando hay una zona con muchos registros DNSKEY y RRSIG, también conocido como "KeyTrap". " asunto. La especificación del protocolo implica que un algoritmo debe evaluar todas las combinaciones de registros DNSKEY y RRSIG. Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled. • https://github.com/knqyf263/CVE-2023-50387 http://www.openwall.com/lists/oss-security/2024/02/16/2 http://www.openwall.com/lists/oss-security/2024/02/16/3 https://access.redhat.com/security/cve/CVE-2023-50387 https://bugzilla.suse.com/show_bug.cgi?id=1219823 https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1 https://kb.isc.org/docs/cve-2023-50387 https://lists&# • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2023-6536 – Kernel: null pointer dereference in __nvmet_req_complete
https://notcve.org/view.php?id=CVE-2023-6536
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. Se encontró una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado envíe un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva al controlador NVMe a una desreferencia del puntero NULL en el controlador NVMe, lo que provoca pánico en el kernel y una denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/errata/RHSA-2024:3810 https://access.redhat.com/security/cve/CVE-2023-6536 https://bugzilla.redhat.com/show • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2023-6535 – Kernel: null pointer dereference in nvmet_tcp_execute_request
https://notcve.org/view.php?id=CVE-2023-6535
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service. Se encontró una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado envíe un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva al controlador NVMe a una desreferencia del puntero NULL en el controlador NVMe, lo que provoca pánico en el kernel y una denegación de servicio. • https://access.redhat.com/errata/RHSA-2024:0723 https://access.redhat.com/errata/RHSA-2024:0724 https://access.redhat.com/errata/RHSA-2024:0725 https://access.redhat.com/errata/RHSA-2024:0881 https://access.redhat.com/errata/RHSA-2024:0897 https://access.redhat.com/errata/RHSA-2024:1248 https://access.redhat.com/errata/RHSA-2024:2094 https://access.redhat.com/errata/RHSA-2024:3810 https://access.redhat.com/security/cve/CVE-2023-6535 https://bugzilla.redhat.com/show • CWE-476: NULL Pointer Dereference •