
14874 matches found

AlmaLinux
added 2022/05/23 12:10 p.m., 14 views

cloud-init bug fix update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fix: Previously, cloud-init incorrectly handled SSH keys containing \r\n...

1 AI score
Exploits: 0, References: 1
OSV
added 2022/05/23 12:10 p.m., 11 views

ALBA-2022:4697 cloud-init bug fix update

The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts. Bug Fix: Previously, cloud-init incorrectly handled SSH keys containing \r\n...

7 AI score
Exploits: 0, References: 1
Kitploit
added 2022/05/21 12:30 p.m., 38 views

Tetanus - Mythic C2 Agent Targeting Linux And Windows Hosts Written In Rust

Tetanus is a Windows and Linux C2 agent written in rust. Installation To install Tetanus, you will need Mythic set up on a machine. In the Mythic root directory, use mythic-cli to install the agent. payload start tetanus" sudo ./mythic-cli install github https://github.com/MythicAgents/tetanus su...

7.9 AI score
Exploits: 0, References: 2
RedhatCVE
added 2022/05/20 10:33 p.m., 23 views

CVE-2020-9355

danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled...

9.8 CVSS, 4.2 AI score, 0.02174 EPSS
Exploits: 0, References: 1
NVD
added 2022/05/20 9:15 p.m., 25 views

CVE-2022-29186

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote host, those hosts...

9.8 CVSS, 0.01101 EPSS
Exploits: 0, References: 2
Prion
added 2022/05/20 9:15 p.m., 14 views

Design/Logic Flaw

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote host, those hosts...

6.8 CVSS, 9.4 AI score, 0.01101 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2022/05/20 8:20 p.m., 37 views

CVE-2022-29186 Use of Hard-coded Cryptographic Key in rundeck/rundeck, rundeckpro/enterprise

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote host, those hosts...

9.1 CVSS, 9.8 AI score, 0.01101 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2022/05/20 8:20 p.m., 5 views

CVE-2022-29186 Use of Hard-coded Cryptographic Key in rundeck/rundeck, rundeckpro/enterprise

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote host, those hosts...

9.1 CVSS, 7.3 AI score, 0.01101 EPSS
Exploits: 0, References: 2
CVE
added 2022/05/20 8:20 p.m., 89 views

CVE-2022-29186

CVE-2022-29186 affects Rundeck Docker images (community and enterprise) versions 4.0 and earlier, where a pre-generated id_rsa.pub SSH keypair was included in the image. If this public key was copied to authorized_keys on a remote host, anyone with the corresponding private key could access those...

9.8 CVSS, 9.7 AI score, 0.01101 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2022/05/20 8:20 p.m., 25 views

CVE-2022-29186 Use of Hard-coded Cryptographic Key in rundeck/rundeck, rundeckpro/enterprise

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to authorized_keys files on remote host, those hosts...

9.1 CVSS, 9.2 AI score, 0.01101 EPSS
Exploits: 0, References: 4
The Hacker News
added 2022/05/20 11:18 a.m., 34 views

Microsoft Warns Rise in XorDdos Malware Targeting Linux Devices

A Linux botnet malware known as XorDdos has witnessed a 254% surge in activity over the last six months, according to latest research from Microsoft. The trojan, so named for carrying out denial-of-service attacks on Linux systems and its use of XOR-based encryption for communications with its...

1.8 AI score
Exploits: 0
Microsoft Malware Protection
added 2022/05/19 4:00 p.m., 40 views

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as well as its usage of XOR-based...

7.8 AI score
Exploits: 0
Microsoft Secure
added 2022/05/19 4:00 p.m., 31 views

Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices

In the last six months, we observed a 254% increase in activity from a Linux trojan called XorDdos. First discovered in 2014 by the research group MalwareMustDie, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers as well as its usage of XOR-based...

7.8 AI score
Exploits: 0
CNVD
added 2022/05/19 12:00 a.m., 122 views

Jenkins SSH Plugin Permissions and Access Control Issues Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. The Jenkins SSH Plugin 2.6.1 and earlier...

4.3 CVSS, 1.7 AI score, 0.00684 EPSS
Exploits: 0, References: 1
CNVD
added 2022/05/19 12:00 a.m., 178 views

Jenkins SSH Plugin Access Control Error Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins SSH Plugin 2.6.1 and earlier...

6.5 CVSS, 2.2 AI score, 0.008 EPSS
Exploits: 0, References: 1
CNVD
added 2022/05/19 12:00 a.m., 124 views

Jenkins SSH Plugin Cross-Site Request Forgery Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins SSH Plugin 2.6.1 and earlier...

8.8 CVSS, 3.1 AI score, 0.00625 EPSS
Exploits: 0, References: 1
OpenVAS
added 2022/05/19 12:00 a.m., 31 views

Mageia: Security Advisory (MGASA-2022-0168)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 8 AI score, 0.03608 EPSS
Exploits: 1, References: 9
Github Security Blog
added 2022/05/18 12:00 a.m., 34 views

Cross Site Request Forgery in Jenkins SSH Plugin

A cross-site request forgery (CSRF) vulnerability in Jenkins SSH Plugin 2.6.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

8.8 CVSS, 8.3 AI score, 0.00625 EPSS
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog
added 2022/05/18 12:00 a.m., 42 views

Missing Authorization in Jenkins SSH plugin

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5 CVSS, 6.7 AI score, 0.008 EPSS
Exploits: 0, References: 3, Affected Software: 1
Github Security Blog
added 2022/05/18 12:00 a.m., 28 views

Missing permission check in Jenkins SSH Plugin

A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3 CVSS, 5.6 AI score, 0.00684 EPSS
Exploits: 0, References: 4, Affected Software: 1