420 matches found
CVE-2024-6409
CVE-2024-6409 describes a race-condition in OpenSSH server (sshd) signal handling. If a remote client does not authenticate within LoginGraceTime, sshd’s SIGALRM handler runs asynchronously and may call non-async-signal-safe functions (e.g., syslog), enabling a potential remote code execution as ...
CVE-2024-6409 Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 9
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...
CVE-2024-6409 Openssh: possible remote code execution due to a race condition in signal handling affecting red hat enterprise linux 9
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server sshd. If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not...
RHEL 9 : git (RHSA-2024:4368)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4368 advisory. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a...
RHEL 9 : openssh (RHSA-2024:4312)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4312 advisory. OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary f...
RHEL 9 : Red Hat OpenStack Platform 17.1.3 (RHSA-2024:4272)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4272 advisory. Cinder is the replacement of nova-volume in Folsom and beyond, use d for block storage. OpenStack Image Service code-named Glance provides...
RHEL 9 : qemu-kvm (RHSA-2024:4277)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4277 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the...
RHEL 9 : python3.11 (RHSA-2024:4077)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4077 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
RHEL 9 : firefox (RHSA-2024:3958)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3958 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...
RHEL 9 : gvisor-tap-vsock (RHSA-2024:3830)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:3830 advisory. A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for...
RHEL 9 : ruby (RHSA-2024:3838)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3838 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
RHEL 9 : nghttp2 (RHSA-2024:3665)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3665 advisory. libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 HTTP/2 protocol in C. Security Fixes: nghttp2: CONTINUATION frames DoS...
RHEL 9 : ruby:3.3 (RHSA-2024:3671)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3671 advisory. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system...
RHEL 9 : Red Hat JBoss Enterprise Application Platform 8.0.2 Security update (Moderate) (RHSA-2024:3581)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3581 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 9 : zstd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - zstd: mysql: buffer overrun in util.c CVE-2022-4899 Note that Nessus has not tested for this issue but has instead...
RHEL 9 : libyang (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - libyang: NULL pointer dereference via lyspstmtvalidatevalue at lysparsemem.c CVE-2023-26917 Note that Nessus has no...
RHEL 9 : dotnet6.0 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - http-cache-semantics: Regular Expression Denial of Service ReDoS vulnerability CVE-2022-25881 Note that Nessus has...
RHEL 9 : conmon (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cri-o: memory exhaustion on the node when access to the kube api CVE-2022-1708 Note that Nessus has not tested for...
RHEL 9 : cri-o (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - opencontainers: OCI manifest and index parsing confusion CVE-2021-41190 Note that Nessus has not tested for this...
RHEL 9 : pcre2 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop CVE-2022-41409 Note that Nessus ha...