[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-39894":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":44,"related":45,"reserved_at":9,"published_at":49,"modified_at":50,"state":51,"summary":52,"references_raw":61,"kevs":112,"epss":113,"epss_history":116,"metrics":375,"affected":383},"CVE-2024-39894","OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-367","Time-of-check Time-of-use (TOCTOU) Race Condition","The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.","weakness","Incomplete","Base","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[],[],[],[32,34,36,38,40,42],{"_key":33},"UBUNTU-CVE-2024-39894",{"_key":35},"USN-6887-1",{"_key":37},"SUSE-SU-2024:2393-1",{"_key":39},"OPENSUSE-SU-2024:14113-1",{"_key":41},"SUSE-SU-2025:20009-1",{"_key":43},"DEBIAN-CVE-2024-39894",[],[46,47,48],{"_key":37},{"_key":39},{"_key":41},"2024-07-02T00:00:00.000Z","2025-11-04T16:12:30.897Z","Deferred",{"cisa_kev":53,"cisa_ransomware":53,"cisa_vendor":9,"epss_severity":54,"epss_score":55,"severity":56,"severity_score":57,"severity_version":58,"severity_source":59,"severity_vector":60,"severity_status":51},false,"low",0.02949,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",[62,67,71,75,80,84,88,92,96,100,104,108],{"url":63,"sources":64,"tags":66},"https://www.openssh.com/txt/release-9.8",[59,65],"nvd",[],{"url":68,"sources":69,"tags":70},"https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html",[59,65],[],{"url":72,"sources":73,"tags":74},"https://www.openwall.com/lists/oss-security/2024/07/02/1",[59,65],[],{"url":76,"sources":77,"tags":78},"http://www.openwall.com/lists/oss-security/2024/07/03/6",[59,65],[79],"Mailing List",{"url":81,"sources":82,"tags":83},"https://security.netapp.com/advisory/ntap-20240712-0004/",[59,65],[],{"url":85,"sources":86,"tags":87},"http://www.openwall.com/lists/oss-security/2024/07/23/4",[59,65],[79],{"url":89,"sources":90,"tags":91},"http://www.openwall.com/lists/oss-security/2024/07/23/6",[59,65],[79],{"url":93,"sources":94,"tags":95},"http://www.openwall.com/lists/oss-security/2024/07/28/3",[59,65],[79],{"url":97,"sources":98,"tags":99},"https://crzphil.github.io/posts/ssh-obfuscation-bypass/",[59,65],[],{"url":101,"sources":102,"tags":103},"https://news.ycombinator.com/item?id=41508530",[59,65],[],{"url":105,"sources":106,"tags":107},"https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc",[59,65],[],{"url":109,"sources":110,"tags":111},"http://seclists.org/fulldisclosure/2024/Sep/33",[59,65],[],[],{"date":114,"score":55,"percentile":115},"2026-06-04",0.86717,[117,121,125,128,131,134,137,139,142,145,148,151,153,156,159,163,166,169,172,175,178,181,184,186,188,191,194,196,200,203,206,209,212,215,218,220,223,226,229,232,235,238,240,243,246,249,252,255,258,260,262,264,267,270,273,276,279,282,285,288,291,294,297,300,302,304,307,310,313,316,318,321,324,326,329,332,334,337,339,342,345,348,351,354,357,360,363,366,369,372],{"date":118,"score":119,"percentile":120},"2025-11-04",0.01707,0.81688,{"date":122,"score":123,"percentile":124},"2025-11-05",0.02192,0.83836,{"date":126,"score":123,"percentile":127},"2025-11-06",0.83839,{"date":129,"score":123,"percentile":130},"2025-11-07",0.83844,{"date":132,"score":123,"percentile":133},"2025-11-08",0.83848,{"date":135,"score":123,"percentile":136},"2025-11-09",0.83843,{"date":138,"score":123,"percentile":124},"2025-11-10",{"date":140,"score":123,"percentile":141},"2025-11-11",0.83841,{"date":143,"score":123,"percentile":144},"2025-11-12",0.83851,{"date":146,"score":123,"percentile":147},"2025-11-13",0.83857,{"date":149,"score":123,"percentile":150},"2025-11-14",0.83858,{"date":152,"score":123,"percentile":144},"2025-11-15",{"date":154,"score":123,"percentile":155},"2025-11-16",0.83853,{"date":157,"score":123,"percentile":158},"2025-11-17",0.83852,{"date":160,"score":161,"percentile":162},"2025-11-18",0.18764,0.94825,{"date":164,"score":161,"percentile":165},"2025-11-19",0.94828,{"date":167,"score":161,"percentile":168},"2025-11-20",0.94833,{"date":170,"score":55,"percentile":171},"2025-11-21",0.85961,{"date":173,"score":55,"percentile":174},"2025-11-22",0.85955,{"date":176,"score":55,"percentile":177},"2025-11-23",0.8595,{"date":179,"score":55,"percentile":180},"2025-11-24",0.85952,{"date":182,"score":55,"percentile":183},"2025-11-25",0.85951,{"date":185,"score":55,"percentile":180},"2025-11-26",{"date":187,"score":55,"percentile":180},"2025-11-27",{"date":189,"score":55,"percentile":190},"2025-11-28",0.8593,{"date":192,"score":55,"percentile":193},"2025-11-29",0.86001,{"date":195,"score":55,"percentile":193},"2025-11-30",{"date":197,"score":198,"percentile":199},"2025-12-01",0.00688,0.71061,{"date":201,"score":198,"percentile":202},"2025-12-02",0.71075,{"date":204,"score":198,"percentile":205},"2025-12-03",0.71074,{"date":207,"score":55,"percentile":208},"2025-12-04",0.85996,{"date":210,"score":55,"percentile":211},"2025-12-05",0.85999,{"date":213,"score":55,"percentile":214},"2025-12-06",0.85995,{"date":216,"score":55,"percentile":217},"2025-12-07",0.85982,{"date":219,"score":55,"percentile":217},"2025-12-08",{"date":221,"score":55,"percentile":222},"2025-12-09",0.85989,{"date":224,"score":55,"percentile":225},"2025-12-10",0.86009,{"date":227,"score":55,"percentile":228},"2025-12-11",0.86015,{"date":230,"score":55,"percentile":231},"2025-12-12",0.86016,{"date":233,"score":55,"percentile":234},"2025-12-13",0.86011,{"date":236,"score":55,"percentile":237},"2025-12-14",0.86002,{"date":239,"score":55,"percentile":208},"2025-12-15",{"date":241,"score":55,"percentile":242},"2025-12-16",0.86003,{"date":244,"score":55,"percentile":245},"2025-12-17",0.86008,{"date":247,"score":55,"percentile":248},"2025-12-18",0.86013,{"date":250,"score":55,"percentile":251},"2025-12-19",0.86017,{"date":253,"score":55,"percentile":254},"2025-12-20",0.86014,{"date":256,"score":55,"percentile":257},"2025-12-21",0.86018,{"date":259,"score":55,"percentile":245},"2025-12-22",{"date":261,"score":55,"percentile":248},"2025-12-23",{"date":263,"score":55,"percentile":257},"2025-12-24",{"date":265,"score":55,"percentile":266},"2025-12-25",0.8603,{"date":268,"score":55,"percentile":269},"2025-12-26",0.86033,{"date":271,"score":55,"percentile":272},"2025-12-27",0.86081,{"date":274,"score":55,"percentile":275},"2025-12-28",0.86025,{"date":277,"score":55,"percentile":278},"2025-12-29",0.8602,{"date":280,"score":55,"percentile":281},"2025-12-30",0.86027,{"date":283,"score":55,"percentile":284},"2025-12-31",0.86036,{"date":286,"score":198,"percentile":287},"2026-01-01",0.71309,{"date":289,"score":198,"percentile":290},"2026-01-02",0.71305,{"date":292,"score":198,"percentile":293},"2026-01-03",0.71303,{"date":295,"score":55,"percentile":296},"2026-01-04",0.86041,{"date":298,"score":55,"percentile":299},"2026-01-05",0.8604,{"date":301,"score":55,"percentile":296},"2026-01-06",{"date":303,"score":55,"percentile":296},"2026-01-07",{"date":305,"score":55,"percentile":306},"2026-01-08",0.8605,{"date":308,"score":55,"percentile":309},"2026-01-09",0.86051,{"date":311,"score":55,"percentile":312},"2026-01-10",0.86048,{"date":314,"score":55,"percentile":315},"2026-01-11",0.86043,{"date":317,"score":55,"percentile":299},"2026-01-12",{"date":319,"score":55,"percentile":320},"2026-01-13",0.86035,{"date":322,"score":55,"percentile":323},"2026-01-14",0.86049,{"date":325,"score":55,"percentile":312},"2026-01-15",{"date":327,"score":55,"percentile":328},"2026-01-16",0.86054,{"date":330,"score":55,"percentile":331},"2026-01-17",0.86057,{"date":333,"score":55,"percentile":331},"2026-01-18",{"date":335,"score":55,"percentile":336},"2026-01-19",0.86053,{"date":338,"score":55,"percentile":309},"2026-01-20",{"date":340,"score":55,"percentile":341},"2026-01-21",0.86058,{"date":343,"score":55,"percentile":344},"2026-01-22",0.86062,{"date":346,"score":55,"percentile":347},"2026-01-23",0.86077,{"date":349,"score":55,"percentile":350},"2026-01-24",0.86085,{"date":352,"score":55,"percentile":353},"2026-01-25",0.8608,{"date":355,"score":55,"percentile":356},"2026-01-26",0.86078,{"date":358,"score":55,"percentile":359},"2026-01-27",0.86083,{"date":361,"score":55,"percentile":362},"2026-01-28",0.86087,{"date":364,"score":55,"percentile":365},"2026-01-29",0.8609,{"date":367,"score":55,"percentile":368},"2026-01-30",0.86096,{"date":370,"score":55,"percentile":371},"2026-01-31",0.86094,{"date":373,"score":198,"percentile":374},"2026-02-01",0.71379,[376,381],{"source":59,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":377,"cvss_v4_0":9},{"baseScore":57,"baseSeverity":378,"vectorString":60,"impactScore":379,"exploitabilityScore":380},"HIGH",9.8,4.1,{"source":65,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":382,"cvss_v4_0":9},{"baseScore":57,"baseSeverity":378,"vectorString":60,"impactScore":379,"exploitabilityScore":380},[]]