CentOS 7 : cloud-init (CESA-2019:0597)

An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

cloud security update

CentOS Errata and Security Advisory CESA-2019:0597 An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

RHEL 7 : cloud-init (RHSA-2019:0597)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:0597 advisory. The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to...

Oracle Linux 7 : cloud-init (ELSA-2019-0597)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-0597 advisory. 18.2-1.0.1 - add modified version of enable-ec2utils-to-stop-retrying-to-get-ec2-metadata.patch for 18.2: 1. Enable ec2utils.py having a way to stop retrying to...

Moderate: Red Hat Security Advisory: cloud-init security update

An update for cloud-init is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

cloud-init security update

18.2-1.0.1 - add modified version of enable-ec2utils-to-stop-retrying-to-get-ec2-metadata.patch for 18.2: 1. Enable ec2utils.py having a way to stop retrying to get ec2 metadata 2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader Resolves: Oracle-Bug:41660 Bugzilla...

Security Bulletin: Vulnerabilities in OpenSSH affect IBM Flex System Chassis Management Module (CVE-2016-0777, CVE-2016-0778)

Summary An information leak flaw and buffer overflow flaw in the way the OpenSSH client roaming feature was implemented affects IBM Flex System Chassis Management Module CMM. Vulnerability Details Summary An information leak flaw and buffer overflow flaw in the way the OpenSSH client roaming...

Same-Origin Policy Bypass

Mozilla Firefox is vulnerable to same-origin policy bypass. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer PDF.js. An attacker could create a malicious web page that, wh...

Malicious Package

portionfatty12 is a malicious package designed to steal user's data when installed. All versions of this package is considered malicious and must not be used. The package uploads the user's public SSH keys to a remote server after installation...

Malicious Package

Overview All versions of portionfatty12 are considered malicious. The package is malware designed to steal user's data. When installed it uploads the user's public SSH keys to a remote server. Recommendation This package is not available on the npm Registry anymore. If you happen to find this...

Punk.Py - Unix SSH Post-Exploitation Tool

unixSSH post-exploitation 1337 tool how it works punk.py is a post-exploitation tool meant to help network pivoting from a compromised unix box. It collect usernames, ssh keys and known hosts from a unix system, then it tries to connect via ssh to all the combinations found. punk.py is wrote in...

GHSA-6FJR-M7V6-FPG9 jquey is malware

The jquey package is malware that attempts to discover and exfiltrate sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found jquey installed in your...

jquey is malware

The jquey package is malware that attempts to discover and exfiltrate sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found jquey installed in your...

coffescript is malware

The coffescript package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found coffescript installed in your...

cofee-script is malware

The cofee-script package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found cofee-script installed in your...

GHSA-C9RJ-PGXV-84JC cofee-script is malware

The cofee-script package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found cofee-script installed in your...

GHSA-J49G-MP79-5VM5 coffe-script is malware

The coffe-script package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found coffe-script installed in your...

GHSA-M6WH-M8M8-6XX5 cofeescript is malware

The cofeescript package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found cofeescript installed in your...

cofeescript is malware

The cofeescript package is a piece of malware that steals sensitive data such as a user's private SSH key and bash history, sending them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation If you have found cofeescript installed in your...

Imperva SecureSphere 11.5 / 12.0 / 13.0 - Privilege Escalation

Title: Imperva SecureSphere = v13 - Privilege Escalation Author: 0x09AL Date: 01/08/2018 Tested on: Imperva SecureSphere 11.5,12.0,13.0 Vendor: https://www.imperva.com/ Vulnerability Description There is a program named PCE.py which runs as root and starts a unix domain socket listener in...