Scanvus – my open source Vulnerability Scanner for Linux hosts and Docker images
Hello everyone! This video was recorded for the VMconf 22 Vulnerability Management conference, vmconf.pw. I will be talking about my open source project Scanvus. This project is already a year old and I use it almost every day. Alternative video link for Russia: Scanvus Simple Credentialed...
Hostname Spoofing
parse-url is vulnerable to hostname spoofing. The vulnerability exists because the parseUrl function of index.js does not properly identify the custom user in SSH URLs and hostnames, allowing an attacker to gain sensitive information by redirecting to malicious URLs...
Cross-site Request Forgery (CSRF)
Rdiffweb is vulnerable to Cross-Site Request Forgery. The vulnerability is due to the SSH keys endpoint accepting POST requests. An attacker can exploit this vulnerability to add unauthorized SSH keys to the system...
parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...
rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
rdiffweb prior to 2.4.3 is vulnerable to Cross-Site Request Forgery (CSRF). While adding SSH public keys to the profile, the server accepts the GET request, which results in adding an SSH public key to the profile and leads to unauthorized access to the system and backups. Version 2.4.3 contains a...
GHSA-PQW5-JMP5-PX4V parse-url parses http URLs incorrectly, making it vulnerable to host name spoofing
parse-url prior to 8.1.0 is vulnerable to Misinterpretation of Input. parse-url parses certain http or https URLs incorrectly, identifying the URL's protocol as ssh. It may also parse the host name incorrectly...
GHSA-VQ4H-XRWC-M639 rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
rdiffweb prior to 2.4.3 is vulnerable to Cross-Site Request Forgery (CSRF). While adding SSH public keys to the profile, the server accepts the GET request, which results in adding an SSH public key to the profile and leads to unauthorized access to the system and backups. Version 2.4.3 contains a...
golang: crash in a golang.org/x/crypto/ssh server
A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability...
CVE-2022-34425
Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to unauthorized access to communication...
PT-2022-21152 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.3. Description: The issue is related to Cross-Site Request Forgery (CSRF) in the GitHub repository ikus060/rdiffweb. When adding SSH public keys to a profile, the server accepts GET requests, which can lead to...
Cross Site Request Forgery in profile's "SSH Keys" leads to unauthorized access to the system
Description: While adding SSH public keys to the profile, the server accepts the GET request which results in adding an SSH public key to the profile and leads to unauthorised access to the system and backups. Proof of Concept: Open the below URL after logging in to the demo site. SSH Public key wil...
GO-2022-0968 Panic on malformed packets in golang.org/x/crypto/ssh
Unauthenticated clients can cause a panic in SSH servers. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains an empty plaintext causes a panic...
Hitachi Energy TXpert Hub CoreTec 4 Sudo Vulnerability
1. EXECUTIVE SUMMARY: CVSS v3 7.8. ATTENTION: Low attack complexity. Vendor: Hitachi Energy. Equipment: TXpert Hub CoreTec 4. Vulnerability: Off-by-one Error. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to take control of the system node and its information...
Debian: Security Advisory (DLA-3104-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 3104-1] paramiko security update
Debian LTS Advisory DLA-3104-1. https://www.debian.org/lts/security/ Chris Lamb, September 12, 2022. https://wiki.debian.org/LTS ...
Malicious Package
Overview: chrome-ssh-agent is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...
MAL-2022-1901 Malicious code in chrome-ssh-agent (npm)
Source: ghsa-malware (ba428b9ebe2369390d5f53d0a930ddd41afab160b3f87a15471b2c4476d4c300). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in chrome-ssh-agent (npm)
Source: ghsa-malware (ba428b9ebe2369390d5f53d0a930ddd41afab160b3f87a15471b2c4476d4c300). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
x/crypto/ssh vulnerable to panic via malformed packets
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an unauthenticated attacker to panic an SSH server. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains an empty plaintext causes a panic...
GHSA-GWC9-M7RH-J2WW x/crypto/ssh vulnerable to panic via malformed packets
The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an unauthenticated attacker to panic an SSH server. When using AES-GCM or ChaCha20Poly1305, consuming a malformed packet which contains an empty plaintext causes a panic...