Advisories
Curated republications of public security advisories that affect
payments, settlement, and treasury infrastructure. Each entry preserves
the original disclosing party in the Reporter
field; our analysis adds prioritisation context and detection guidance.
- Total: 03 · Critical: 01 · High: 01 · Medium: 01
- CVE-2024-6387 · 2024-07-01 · HIGH
Signal handler race in OpenSSH sshd allows pre-auth RCE on glibc Linux
A signal handler race condition in sshd, dubbed regreSSHion, permits unauthenticated remote code execution as root on glibc-based Linux. The flaw is a regression of CVE-2006-5051. Exploitation is non-trivial but demonstrated.
CVSS 8.1 · Affected: OpenSSH 8.5p1 through 9.7p1 (inclusive) on glibc-based Linux +1
- CVE-2024-30255 · 2024-04-03 · MEDIUM
Envoy HTTP/2 CONTINUATION frame flood causes CPU exhaustion DoS
Envoy's HTTP/2 codec processes CONTINUATION frames without effective rate limiting. A remote unauthenticated client can stream CONTINUATION frames indefinitely, exhausting CPU on the target. Part of the wider 2024 HTTP/2 CONTINUATION flood disclosure class.
CVSS 5.9 · Affected: Envoy < 1.26.8 +3
- CVE-2024-3094 · 2024-03-29 · CRITICAL
Backdoor in xz-utils 5.6.0–5.6.1 (liblzma) compromises sshd
xz-utils 5.6.0 and 5.6.1 ship a deliberate backdoor that compromises sshd via the libsystemd → liblzma load path. An attacker holding the actor's private key gains pre-authentication RCE as root.
CVSS 10.0 · Affected: xz-utils 5.6.0 +2