22 matches found
CVE-2026-11837
A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...
DEBIAN-CVE-2026-11837
A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...
EUVD-2026-35982
A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...
CVE-2026-11837
CVE-2026-11837 describes a local privilege escalation in the ansible.posix authorized_key module. The keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOLLOW when handling SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their ~/...
CVE-2026-11837
A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...
CVE-2026-11837
A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...
PT-2026-48375
Name of the Vulnerable Software and Affected Versions ansible.posix affected versions not specified Description A local privilege escalation issue exists in the authorized key module. The keyfile function utilizes os.chown instead of os.lchown and opens files without the O NOFOLLOW flag when...
Linux Distros Unpatched Vulnerability : CVE-2026-11837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown...
Malicious code in textwrap-ext (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 da4e8d5daae9a14e0ceb5a942afd308068957ec655cdd950b2b041934e9ec182 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new authorized SSH key...
MAL-2026-3407 Malicious code in textwrap-toolkit (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 029e190fc99763d65a096339b29fa85aeb0a23c3818a632a2dd4dc99f3e8fd64 During installation, obfuscated code exfiltrates cryptocurrency wallet data to a hardcoded location and places a backdoor through a new authorized SSH key...
Malicious code in bttcli (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ce4d4558612dd659843989e690b64a3c4073d5a4b34217c2e89a5325835da685 During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...
MAL-2026-3402 Malicious code in python-bittensor-config-v2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 6f2ecdbc9e024d6dc51c8e5d48941c5aac432db65ad733317aed159d480973cd During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...
MAL-2026-3398 Malicious code in ninja-ssh-proto (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 84f71e430b37d8fe0ee6c72826071159bb146664fe17d9a596f6e611579851f7 During installation or import, package silently adds a new authorized SSH key. It's closely related to the 2026-05-ninja-core-utils campaign, but there is no...
CVE-2023-41160
A Stored Cross-Site Scripting XSS vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...
CVE-2023-41160
A Stored Cross-Site Scripting XSS vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...
CVE-2023-41160
A Stored Cross-Site Scripting XSS vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...
Cross site scripting
A Stored Cross-Site Scripting XSS vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...
CVE-2023-41160
A Stored Cross-Site Scripting XSS vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...
CVE-2023-41160
A Stored Cross-Site Scripting XSS vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...
PT-2023-27836 · Usermin · Usermin
Name of the Vulnerable Software and Affected Versions: Usermin version 2.001 Description: A Stored Cross-Site Scripting XSS vulnerability in the SSH configuration tab allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...