8 matches found
Azure Linux 3.0 Security Update: openssh (CVE-2024-39894)
The version of openssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39894 advisory. - OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., fo...
SUSE: Security Advisory (SUSE-SU-2024:2393-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:2393-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD-SA-25:01.openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-25:01.openssh Security Advisory The FreeBSD Project Topic: OpenSSH Keystroke Obfuscation Bypass Category: contrib Module: openssh Announced: 2025-01-29 Credits:...
CVE-2024-39894
creationtimestamp| type| source ---|---|--- 2025-01-14 13:40:05+00:00| seen| https://t.me/truesecator/6617 2025-01-30 01:12:14+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/3431 2025-01-30 02:17:49+00:00| seen| Telegram/Plc1Tx0SWXX3aB1zRoArJevXAwXVll5-4SBMV0f0u8FhHFYy...
CVE-2024-39894 affecting package openssh for versions less than 9.8p1-1
CVE-2024-39894 affecting package openssh for versions less than 9.8p1-1. An upgraded version of the package is available that resolves this issue...
BELL-CVE-2024-39894
Bulletin has no description...
AZL-43140 CVE-2024-39894 affecting package openssh for versions less than 9.8p1-1
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur...