28 matches found

Tenable Nessus
added 2026/02/20 12:0 a.m. | 5 views

NewStart CGSL MAIN 6.06 (SP) : openssh Vulnerability (NS-SA-2026-0002)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has openssh packages installed that are affected by a vulnerability: - A race condition in sshd affecting versions between 8.5p1 and 9.7p1 inclusive may allow arbitrary code execution with root privileges. Successful exploitation has be...

CVSS 9.3 | AI score 8.6 | EPSS 0.63835
Exploits: 68 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-26006

Malicious code in bioql PyPI...

CVSS 8.6 | AI score 7.6 | EPSS 0.01128
Exploits: 0 | References: 1

VulnCheck KEV
added 2025/03/12 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2024-6409

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...

CVSS 7 | AI score 5.8 | EPSS 0.76397
Exploits: 1 | References: 1

VulnCheck KEV
added 2024/07/17 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2024-6387

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

CVSS 9.3 | AI score 6.9 | EPSS 0.63835
Exploits: 68 | References: 1

SUSE CVE
added 2024/07/13 2:47 a.m. | 2 views

SUSE CVE-2024-6409

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...

CVSS 8.1 | AI score 8 | EPSS 0.76397
Exploits: 1 | References: 3

OSV
added 2024/07/01 1:15 p.m. | 5 views

AZL-43024 CVE-2024-6387 affecting package openssh for versions less than 9.8p1-1

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

CVSS 8.1 | AI score 6.9 | EPSS 0.63835
Exploits: 68 | References: 1

OSV
added 2024/07/01 12:0 a.m. | 3 views

UBUNTU-CVE-2024-6387

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

CVSS 8.1 | AI score 6.8 | EPSS 0.63835
Exploits: 68 | References: 5

UbuntuCve
added 2023/09/21 4:15 p.m. | 26 views

CVE-2023-42456

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

CVSS 8.1 | AI score 7.2 | EPSS 0.00127
Exploits: 0 | References: 2

OpenVAS
added 2020/11/20 12:0 a.m. | 11 views

GaussDB Kernel: Setting the Timeout Period of Client Authentication

authentication_timeout specifies the maximum time for client authentication. The default value is 1 min. This parameter prevents faulty clients from occupying the connection channel for a long time. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a reference...

AI score 7.3
Exploits: 0

0day.today
added 2018/10/24 12:0 a.m. | 368 views

Microsoft Active Directory Federated Services (ADFS) User Enumeration Vulnerability

Microsoft Active Directory Federated Services ADFS suffers from a time-based user enumeration vulnerability. + Credits: Joshua Platz aka Binary1985 + CVE ID: Requested + Website: https://github.com/binary1985 + Source:...

Exploits: 0

Tenable Nessus
added 2016/03/25 12:0 a.m. | 46 views

openSUSE Security Update : dropbear (openSUSE-2016-387)

dropbear was updated to 2016.72 to fix the following issues : Changes in dropbear : - updated to upstream version 2016.72 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, found by github.com/tintinweb. Thanks for Damien Miller for a patch. - used as bug...

CVSS 6.4 | AI score 6.4 | EPSS 0.25577
Exploits: 12 | References: 3

RedHat Linux
added 2015/06/29 4:43 p.m. | 3 views

postgresql: double-free after authentication timeout

A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered...

CVSS 4.3 | AI score 7.3 | EPSS 0.08329
Exploits: 0 | References: 4

RedHat Linux
added 2015/06/29 4:9 p.m. | 1 view

postgresql: double-free after authentication timeout

A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered...

CVSS 4.3 | AI score 7.3 | EPSS 0.08329
Exploits: 0 | References: 4

RedHat Linux
added 2015/06/29 4:9 p.m. | 1 view

postgresql: double-free after authentication timeout

A double-free flaw was found in the way PostgreSQL handled connections. An unauthenticated attacker could possibly exploit this flaw to crash the PostgreSQL backend by disconnecting at approximately the same time as the authentication time out was triggered...

CVSS 4.3 | AI score 7.3 | EPSS 0.08329
Exploits: 0 | References: 4

Prion
added 2015/05/28 2:59 p.m. | 22 views

Double free

Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service crash by closing an SSL session at a time when the authentication timeout will expire during the session...

CVSS 4.3 | AI score 7.1 | EPSS 0.08329
Exploits: 0 | References: 16 | Affected Software: 4

Tenable Nessus
added 2015/05/27 12:0 a.m. | 43 views

PostgreSQL 9.0 < 9.0.20 / 9.1 < 9.1.16 / 9.2 < 9.2.11 / 9.3 < 9.3.7 / 9.4 < 9.4.2 Multiple Vulnerabilities

The version of PostgreSQL installed on the remote host is 9.0.x prior to 9.0.20, 9.1.x prior to 9.1.16, 9.2.x prior to 9.2.11, 9.3.x prior to 9.3.7, or 9.4.x prior to 9.4.2. It is, therefore, affected by multiple vulnerabilities : - A double free memory error exists after authentication timeout,...

CVSS 9.8 | AI score 8 | EPSS 0.08329
Exploits: 0 | References: 9

ArchLinux
added 2015/05/26 12:0 a.m. | 36 views

postgresql: multiple issues

CVE-2015-3165 denial of service SSL clients disconnecting just before the authentication timeout expires can cause the server to crash via a double-free issue leading to denial of service. - CVE-2015-3166 information disclosure The replacement implementation of snprintf failed to check for errors...

CVSS 4.3 | AI score 1.7 | EPSS 0.08329
Exploits: 0 | References: 4

Tenable Nessus
added 2015/05/26 12:0 a.m. | 23 views

FreeBSD : PostgreSQL -- minor security problems. (fc38cd83-00b3-11e5-8ebd-0026551a22dc)

PostgreSQL project reports : This update fixes three security vulnerabilities reported in PostgreSQL over the past few months. Neither of these issues is seen as particularly urgent. However, users should examine them in case their installations are vulnerable: - CVE-2015-3165 Double 'free' after...

CVSS 9.8 | AI score 8.1 | EPSS 0.08329
Exploits: 0 | References: 4

CNVD
added 2015/05/26 12:0 a.m. | 2 views

PostgreSQL Remote Denial of Service Vulnerability

PostgreSQL is an object-relational database management system that supports an extended subset of SQL standards. PostgreSQL versions 9.3 and 9.4, disconnecting ssl clients before the authentication timeout expires can cause the server to crash...

CVSS 4.3 | AI score 7.6 | EPSS 0.08329
Exploits: 0 | References: 1

OSV
added 2015/05/25 11:36 a.m. | 0 views

USN-2621-1 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities

Benkocs Norbert Attila discovered that PostgreSQL incorrectly handled authentication timeouts. A remote attacker could use this flaw to cause the unauthenticated session to crash, possibly leading to a security issue. CVE-2015-3165 Noah Misch discovered that PostgreSQL incorrectly handled certain...

CVSS 9.8 | AI score 7.2 | EPSS 0.08329
Exploits: 0 | References: 4