OpenSSH server (sshd) 9.8p1 - Race Condition

Exploit Title : OpenSSH server sshd 9.8p1 - Race Condition Author : Milad Karimi Ex3ptionaL Date : 2025-04-16 Description: Targets a signal handler race condition in OpenSSH's server sshd on glibc-based Linux systems. It exploits a vulnerability where the SIGALRM handler calls async-signal-unsafe...

SUSE-SU-2025:0726-1 Security update for socat

This update for socat fixes the following issues: - CVE-2015-1379: lack of async-signal-safe signal handlers can lead to crashes or freezing of socat processes bsc922903...

Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities

Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details...

Security update for openssh

This update for openssh fixes the following issues: CVE-2024-39894: Fixed timing attacks against echo-off password entry bsc1227318 CVE-2024-6387: Fixed race condition in a signal handler bsc1226642. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods lik...

SUSE-SU-2025:20009-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2024-39894: Fixed timing attacks against echo-off password entry bsc1227318 - CVE-2024-6387: Fixed race condition in a signal handler bsc1226642...

zlib-rs stack overflow during decompression with malicious input

A denial of service vulnerability was found in zlib-rs, triggered by specially constructed input. This input causes a stack overflow, resulting in the process using zlib-rs to crash. Impact Due to the way LLVM handles the zlib-rs codebase, tail calls were not guaranteed. This caused certain input...

GHSA-J3PX-Q95C-9683 zlib-rs stack overflow during decompression with malicious input

A denial of service vulnerability was found in zlib-rs, triggered by specially constructed input. This input causes a stack overflow, resulting in the process using zlib-rs to crash. Impact Due to the way LLVM handles the zlib-rs codebase, tail calls were not guaranteed. This caused certain input...

RUSTSEC-2024-0401 Denial of service because of stack overflow with malicious decompression input

A denial of service vulnerability was found in zlib-rs, triggered by specially constructed input. This input causes a stack overflow, resulting in the process using zlib-rs to crash. Impact Due to the way LLVM handles the zlib-rs codebase, tail calls were not guaranteed. This caused certain input...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2604)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2614)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2454)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-2455)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : openssh (EulerOS-SA-2024-2454)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime seconds 120 by...

EulerOS 2.0 SP12 : openssh (EulerOS-SA-2024-2455)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime seconds 120 by...

Siemens Industrial Products

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Vulnerability in the internal interfaces of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, allowing attackers to escalate their privileges

The vulnerability in the internal interfaces of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the use of a signal handler for a non-reachable function. Exploiting this vulnerability can allow an attacker acting locally to increase their privileges...

Rocky Linux 9 : OpenSSH regreSSHion (CVE-2024-6387)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the 'Rocky Linux 9 - CVE-2024-6387: regreSSHion' news article. sshd: Signal handler race condition that can lead to a potential remote code execution. CVE-2024-6387 Note this plugin only...

K000140768: OpenSSH vulnerability CVE-2024-7589

Security Advisory Description A signal handler in sshd8 may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds 120 by default. This signal handler executes in the context of the sshd8's...

EulerOS Virtualization 2.11.0 : openssh (EulerOS-SA-2024-2184)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime...

EulerOS Virtualization 2.11.1 : openssh (EulerOS-SA-2024-2159)

According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A signal handler race condition was found in OpenSSH's server sshd, where a client does not authenticate within LoginGraceTime...