
14863 matches found

The Hacker News
added 2023/09/20 10:13 a.m., 32 views

Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys

Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far:...

AI score 6.5
Exploits 0

OSV
added 2023/09/20 6:30 a.m., 14 views

GHSA-PPJH-XP5V-46WC Croc sender may send dangerous new files to receiver

An issue was discovered in Croc before 9.6.16. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file...

CVSS 7.8 | AI score 7.3 | EPSS 0.00339
Exploits 1 | References 7

Github Security Blog
added 2023/09/20 6:30 a.m., 22 views

Croc sender may send dangerous new files to receiver

An issue was discovered in Croc before 9.6.16. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file...

CVSS 7.8 | AI score 7.4 | EPSS 0.00339
Exploits 1 | References 7 | Affected Software 1

OSV
added 2023/09/20 6:15 a.m., 27 views

CVE-2023-43619

An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file...

CVSS 7.8 | AI score 7
Exploits 0 | References 3

Citrix
added 2023/09/20 12:0 a.m., 7 views

The high MGMT CPU issue is preventing users access to Netscaler via GUI or SSH.

After upgrading Netscaler to version 13.1-42+, executing the "" command results in a high management CPU issue, causing users to be unable to log in to Netscaler via the GUI or SSH...

AI score 7.1
Exploits 0

Vulnrichment
added 2023/09/20 12:0 a.m., 12 views

CVE-2023-43619

An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file...

AI score 6.6 | EPSS 0.00339
Exploits 1 | References 3

Positive Technologies
added 2023/09/19 12:0 a.m., 5 views

PT-2023-28880 · Croc · Croc

Name of the Vulnerable Software and Affected Versions: Croc versions through 9.6.5
Description: An issue was discovered in Croc where a sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file.
Recommendations: For Croc versions through 9.6.5,...

CVSS 7.8 | AI score 6.6 | EPSS 0.00339
Exploits 1 | References 16

BDU FSTEC
added 2023/09/19 12:0 a.m., 3 views

The vulnerability of the golang.org/x/crypto/ssh library for the Go programming language, which allows a hacker to trigger a denial-of-service attack.

The vulnerability of the golang.org/x/crypto/ssh library for the Go programming language is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an attacker to cause SSH servers to fail...

CVSS 7.8 | AI score 7.3 | EPSS 0.03931
Exploits 0 | References 17 | Affected Software 10

BDU FSTEC
added 2023/09/16 12:0 a.m., 7 views

The vulnerability of the sshkeys.js component in the embedded operating system OpenWrt, related to the lack of security measures for the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the sshkeys.js component in the embedded operating system OpenWrt is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.4 | AI score 5.6 | EPSS 0.00611
Exploits 1 | References 6 | Affected Software 1

BDU FSTEC
added 2023/09/16 12:0 a.m., 5 views

The vulnerability in the golang.org/x/crypto/ssh library for the Go programming language allows an attacker to cause SSH servers to fail.

The vulnerability of the golang.org/x/crypto/ssh library in the Go programming language is related to pointer arithmetic errors. Exploiting this vulnerability could allow an attacker to cause SSH servers to fail...

CVSS 7.8 | AI score 7.2 | EPSS 0.03228
Exploits 0 | References 5 | Affected Software 2

OpenVAS
added 2023/09/16 12:0 a.m., 6 views

Fedora: Security Advisory (FEDORA-2023-467632ecbe)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.7 | AI score 4.8 | EPSS 0.00106
Exploits 0 | References 4

IBM Security Bulletins
added 2023/09/15 1:29 p.m., 56 views

Security Bulletin: Vulnerabilities in cURL libcurl might affect IBM Spectrum Copy Data Management

Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in cURL libcurl. Vulnerabilities include exploiting the vulnerabilities to reuse a previously created connection even when the GSS delegation, to pass on user name and "telnet options" for the server negotiation, to caus...

CVSS 9.8 | AI score 8.7 | EPSS 0.02195
Exploits 6 | Affected Software 1

Citrix
added 2023/09/15 12:0 a.m., 9 views

Vulnerability CVE-2008-5161 (SSH Server CBC Mode Ciphers Enabled) on SDX

Regarding vulnerability CVE-2008-5161 SSH Server CBC Mode Ciphers Enabled, we need to follow the below article to mitigate this vulnerability. Addressing False Positives from CBC and MAC Vulnerability Scans of NetScaler SSHD citrix.com However, we are unable to perform the steps mentioned in the...

CVSS 2.6 | AI score 6.5 | EPSS 0.15395
Exploits 1

ATTACKERKB
added 2023/09/14 9:15 p.m., 6 views

CVE-2023-41160

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...

CVSS 5.4 | AI score 6 | EPSS 0.00475
Exploits 1 | References 3

NVD
added 2023/09/14 9:15 p.m., 14 views

CVE-2023-41160

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...

CVSS 5.4 | AI score 5.2 | EPSS 0.00475
Exploits 1 | References 2

Prion
added 2023/09/14 9:15 p.m., 17 views

Cross site scripting

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...

CVSS 4.9 | AI score 5.2 | EPSS 0.00475
Exploits 1 | References 2 | Affected Software 1

OSV
added 2023/09/14 3:3 p.m., 3 views

USN-6371-1 libssh2 vulnerability

It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash...

CVSS 7.5 | AI score 6.7 | EPSS 0.00914
Exploits 0 | References 2

Citrix
added 2023/09/14 12:0 a.m., 11 views

How to Enable/Disable SSH on XenServer Host

How to Enable/Disable SSH on XenServer Host...

AI score 7.1
Exploits 0

Cvelist
added 2023/09/14 12:0 a.m., 31 views

CVE-2023-41160

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key...

AI score 5.4 | EPSS 0.00475
Exploits 1 | References 2

CVE
added 2023/09/14 12:0 a.m., 120 views

CVE-2023-41160

CVE-2023-41160 describes a stored XSS in the SSH configuration tab of Usermin 2.001 caused by injecting scripts or HTML through the key name field when adding an authorized key. The vulnerability is confirmed across multiple sources (NVD, Red Hat, CVE list, CNNSA-like feeds) with CVSSv3.1 base me...

CVSS 5.4 | AI score 5.2 | EPSS 0.00475
Exploits 1 | References 2 | Affected Software 1