Red Hat News Articles

Recent news articles referencing the vendor's vulnerabilities.

PoC Exploit Released for Yelp Flaw that Exposes SSH Keys on Ubuntu Systems

A proof-of-concept (PoC) exploit has been released for CVE-2025-3155, a critical vulnerability in GNOME’s Yelp help viewer that enables attackers to exfiltrate SSH keys and other sensitive files from Ubuntu systems. 

2 weeks ago

PoC Exploit Reveals SSH Key Exposure via Yelp Vulnerability on Ubuntu

Security researchers have uncovered a critical vulnerability (CVE-2025-3155) in Ubuntu's default help browser Yelp that could expose sensitive system.

2 weeks ago

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions.

OpenSSH flaws could enable man-in-the-middle attacks, denial of service

If the VerifyHostKeyDNS option is activated, an attacker could impersonate a server to hijack SSH sessions.

Proof-of-Concept Exploits Published for 2 New OpenSSH Bugs

Millions of servers are at risk from vulnerabilities in OpenSSH, a widely used, open source remote server management and file transfer tool. The flaws pose

Critical OpenSSH Vulnerabilities Expose Users to MITM and DoS Attacks

2 critical OpenSSH vulnerabilities found! Qualys TRU finds client and server flaws (CVE-2025-26465 & CVE-2025-26466) enabling MITM and DoS.

New OpenSSH flaws expose SSH servers to MiTM and DoS attacks

OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago.

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

Two OpenSSH vulnerabilities (CVE-2025-26465, CVE-2025-26466) allow MitM and DoS attacks.

OpenSSH bugs threaten enterprise security, uptime

Researchers can disclose two brand-new vulnerabilities in OpenSSH now that patches have been released. Qualys discovered the bugs in January, per its disclosure timeline. These vulnerabilities allow...

Qualys TRU Discovers Two Vulnerabilities in OpenSSH: CVE-2025-26465 & CVE-2025-26466 | Qualys Security Blog

The Qualys Threat Research Unit (TRU) has identified two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465, allows an active machine-in-the…

WARNING: HIGH VULNERABILITY IN KEYCLOAK COULD LEAD TO PRIVILEGE ESCALATION AND IMPERSONATION. PATCH IMMEDIATELY!

CVE-2024-8698 is a privilege escalation and impersonation vulnerability located in the SAML signature validation method within the Keycloak XMLSignatureUtil

The Windows Security Updates of August 2024 are now available - BitLocker Recovery issue fixed - gHacks Tech News

Here is an overview of the August 2024 security updates that Microsoft released for its Windows operating systems.

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409

We take a look at the OpenSSH vulnerabilities CVE-2024-6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024-6387 in x64 systems.

Another regreSSHion-like bug identified in OpenSSH

Despite being both remote code execution and race condition flaws, CVE-2024-6409 poses a "lower" immediate impact due to the issues being present in the privsep child process with fewer privileges.

Microsoft Says Windows Not Impacted by regreSSHion as Second OpenSSH Bug Is Found

A second remote code execution vulnerability, tracked as CVE-2024-6409, was found in OpenSSH during an analysis of the regreSSHion flaw.

OpenSSH bug leaves RHEL 9 and the RHELatives vulnerable

The founder of Openwall has discovered a new signal handler race condition in the core sshd daemon used in RHEL 9.x and its various offshoots. The new flaw, tagged as CVE-2024-6409, was found by Openwall's...

Cyber Security Archives

Adobe Security Update for Premiere Pro, InDesign & Bridge Adobe has released crucial security updates for its widely-used software products: Premiere Pro, InDesign, and Bridge. The...

New OpenSSH CVE-2024-6409 Flaw Emerges

A week after the disclosure of the regreSSHion CVE-2024-6387 flaw in OpenSSH, researchers have found a related flaw (CVE-2024-6409) in some recent versions of the library.

New OpenSSH Vulnerability (CVE-2024-6409) Requires Patching

New OpenSSH vulnerability CVE-2024-6409 targets 8.7p1 and 8.8p1 of OpenSSH, specifically those shipped with Red Hat Enterprise Linux 9.

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk

OpenSSH vulnerability CVE-2024-6409 found in Red Hat Linux 9 may enable remote code execution. Discover more.

New OpenSSH Vulnerability CVE-2024-6409 Exposes Systems to RCE Attack

Security researchers have discovered a new vulnerability in OpenSSH, identified as CVE-2024-6409, which could potentially allow remote code execution attacks on affected systems.

PoC Exploit Published for Linux Kernel Privilege Escalation Flaw

A critical vulnerability has been discovered in the netfilter subsystem of the Linux kernel.

Top Cyber Security Informer Penetration Testing Security Awareness Content for March, 2024

Best content around Penetration Testing Security Awareness selected by the Cyber Security Informer community.

CVE-2023-6246 Archives

All posts tagged "CVE-2023-6246" Security Architecture GNU C Library Vulnerability Leads to Full Root Access Researchers at Qualys call attention to a vulnerability in Linux’s GNU C Library...

glibc - CVE CyberSecurity Database News

CVE CyberSecurity Database News - Latest cybersecurity news and CVE details Sign...

Linux Kernel Flaw Let Attackers Gain Full Root Access: PoC Published

A critical vulnerability in the Linux kernel's io_uring subsystem, which could allow attackers to gain full root access to affected systems.

Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu - Exodus Intelligence

By Oriol Castejón Overview In early January 2024, a Project Zero issue for a recently fixed io_uring use-after-free (UAF) vulnerability (CVE-2024-0582) was made public. Reading the issue description, it was apparent that the vulnerability allowed an attacker to obtain read and write access to a numb...

Tag: CVE-2023-6246 | Qualys Security Blog

Join the discussion today! Learn more about Qualys and industry best practices. Share what you know and build a reputation. Secure your systems and improve...

Debian: DSA-5611-1: glibc security update | LinuxSecurity.com

Debian Security Advisory DSA-5611-1 https://www.debian.org/security/ Salvatore Bonaccorso January 30,

Glibc library vulnerability published

CVE-2023-6246 found in glibc (GNU C Library) affects Debian, Ubuntu and Fedora, and likely other Linux distributions.

New Glibc Library Flaw Grants Root Access to Major Linux Distros - Cyber Kendra

CVE-2024-1753: Podman/Buildah Vulnerability Allow Container Escapes

A serious vulnerability (CVE-2024-1753) has been discovered in the popular containerization tools Podman and Buildah

Critical Shim Vulnerability Affecting Linux Secure Boot: An In-depth Look

A serious vulnerability, CVE-2023-40547, discovered in Shim could lead to remote code execution. The bug affects Linux distributions supporting secure boot.

The Real Shim Shady - How CVE-2023-40547 Impacts Most Linux Systems - Eclypsium | Supply Chain Security for the Modern Enterprise

Six new vulnerabilities have been identified in the shim bootloader used to support Secure Boot in most Linux distributions. One vulnerability in particular, CVE-2023-40547, can be exploited to control the boot sequence and circumvent operating system controls.

Linux Systems Exposed: Critical RCE Vulnerability in Shim Bootloader Demands Urgent Patching

A severe RCE vulnerability in the shim bootloader threatens Linux systems using Secure Boot. Update to shim 15.8 and follow these steps to mitigate the risk.

EP1652: Chill Chill Security - CVE-2023-40547 by Chill Chill Security

Sponsored by SEC Playground

Linux Devs Rush to Patch Critical Vulnerability in Shim

The flaw allows the installation of malware that operates at the firmware level

RedHat patches critical flaw in Linux shim bootloader

Security pros say teams need to patch right away because attackers can leverage the bug to gain control of the entire boot process.

How to fix CVE-2023-40547 in Linux

CVE-2023-40547 is a critical vulnerability allowing bootkit installations on Linux systems. Here's everything you need to know.

Critical Shim Boot Loader Vulnerability Affects Linux Distributions (CVE-2023-40547) - OP INNOVATE

CVE-2023-40547 poses a critical threat to Linux distributions with a CVSS score of 9.8, enabling Secure Boot bypass and potential remote code execution. Discovered by Bill Demirkapi, this vulnerability is critical in the shim boot loader's HTTP response handling and could lead to system compromise t...

Linux Distros Hit By RCE Vulnerability in Shim Bootloader

However, not everyone agrees with the NVD's assessment of CVE-2023-40547 being a near-maximum severity bug.