619 matches found
Malicious Package in 8.9.4
Versions 1.0.2, 1.0.3, 1.0.4 and 1.0.5 of 8.9.4 contain malicious code as a preinstall script. The package reads the system's SSH keys but does not upload it to a remote server. Recommendation Remove the package from your environment. There is no evidence of further compromise at the moment...
GHSA-WXRM-2H86-V95F Malicious Package in pizza-pasta
Version 1.0.3 of pizza-pasta contains malicious code as a install scripts. The package created folders in the system's Desktop and downloaded an image from imgur.com. The package also printed the users SSH keys to the console. Recommendation Remove the package from your environment. There are no...
Malicious Package in pizza-pasta
Version 1.0.3 of pizza-pasta contains malicious code as a install scripts. The package created folders in the system's Desktop and downloaded an image from imgur.com. The package also printed the users SSH keys to the console. Recommendation Remove the package from your environment. There are no...
GHSA-M9R7-Q9FC-QWX5 Malicious Package in maybemaliciouspackage
All versions of maybemaliciouspackage contain malicious code. The package prints the system's SSH keys to the console as a postinstall script. Recommendation Remove the package from your environment. There are no further signs of compromise...
Malicious Package in maybemaliciouspackage
All versions of maybemaliciouspackage contain malicious code. The package prints the system's SSH keys to the console as a postinstall script. Recommendation Remove the package from your environment. There are no further signs of compromise...
Agoric: Dependency on private SSH keys in public github
Summary: As i am searching for the some information i came through one of the https://github.com/Agoric/agoric-sdk/blob/8a8136533220a862bf87d319e821858c8b7ba3b3/vagrant/Dockerfile as i am looking at the content i came through github link for ssh private key...
Malicious Package
maleficent contains malicious code. The code when executed in the browser would capture environment variables, OS information, network interface, AWS credentials, npm credentials and ssh keys. It also subsequently prints the information to a local file...
Malicious Package
boogeyman is a malicious package. When installed, it downloads a payload from pastebin.com, and uses eval to send both the ssh keys and the users .npmrc data to a private pastebin account...
Malicious Package
of 8.9.4 contain malicious code as a preinstall script. The package reads the system's SSH keys but does not upload it to a remote server. Remove the package from your environment. There is no evidence of further compromise at the moment...
GHSA-P8FM-W787-X6X3 Malicious Package in portionfatty12
All versions of portionfatty12 are considered malicious. The package is malware designed to steal user's data. When installed it uploads the user's public SSH keys to a remote server. Recommendation This package is not available on the npm Registry anymore. If you happen to find this package in...
Malicious Package in portionfatty12
All versions of portionfatty12 are considered malicious. The package is malware designed to steal user's data. When installed it uploads the user's public SSH keys to a remote server. Recommendation This package is not available on the npm Registry anymore. If you happen to find this package in...
GHSA-9HC2-W9GG-Q6JW Malicious Package in boogeyman
All versions of boogeyman are considered malicious. This particular package would download a payload from pastebin.com, eval it to read ssh keys and the users .npmrc and send them to a private pastebin account. Recommendation This package was published to the npm Registry for a very short period ...
Malicious Package in boogeyman
All versions of boogeyman are considered malicious. This particular package would download a payload from pastebin.com, eval it to read ssh keys and the users .npmrc and send them to a private pastebin account. Recommendation This package was published to the npm Registry for a very short period ...
CVE-2020-5917
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2 and BIG-IQ versions 5.2.0-7.0.0, the host OpenSSH servers utilize keys of less than 2048 bits which are no longer considered secure...
Low: Red Hat Security Advisory: cloud-init security, bug fix, and enhancement update
An update for cloud-init is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Kubernetes: Man in the middle leading to root privilege escalation using hostNetwork=true (CAP_NET_RAW considered harmful)
Summary: CAPNETRAW capability is still included by default in K8S, leading to yet another attack. An attacker gaining access to a hostNetwork=true container with CAPNETRAW capability can listen to all the traffic going through the host and inject arbitrary traffic, allowing to tamper with most...
Information Disclosure
kexec-tools is vulnerable to information disclosure. mkdumprd included unneeded sensitive files such as all files from the "/root/.ssh/" directory and the host's private SSH keys in the resulting initrd. This could lead to an information leak when initrd files were previously created with...
VulnCheck KEV: CVE-2019-19750
minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product...
VulnCheck KEV: CVE-2020-5200
Minerbabe through V4.16 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io...
Flaws Riddle Zyxel’s Network Management Software
Security researchers are warning that networking hardware vendor Zyxel and its Cloud CNM SecuManager software is chock-full of unpatched vulnerabilities that kick open the doors for hackers to exploit. In all, researchers have identified 16 vulnerabilities, ranging from multiple backdoors and...