go is vulnerable to Denial Of Service (DoS). The vulnerability exists in the globWithLimit and Glob functions in glob.go because the number of path separators allowed in an input to Glob is not limited, which allows an attacker to cause an application...
CVSS 7.5 | AI Score 7.7 | EPSS 0.002
go is vulnerable to denial of service attacks. The vulnerability exists because calling Reader.Read on an archive containing a large number of concatenated 0-length compressed files may cause a panic due to stack...
CVSS 7.5 | AI Score 7.5 | EPSS 0.002
go is vulnerable to Request Smuggling. The vulnerability exists because the (t *transferReader) function in transfer.go accepts some invalid Transfer-Encoding headers, which allows an attacker to smuggle HTTP requests if combined with an intermediate server that also improperly fails to reject the.....
CVSS 6.5 | AI Score 7.3 | EPSS 0.002
go is vulnerable to denial of service. The vulnerability exists in the Skip function in read.go due to stack exhaustion in decoder.Skip, which allows an attacker to cause an application...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
go is vulnerable to information disclosure. The vulnerability exists in httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which allows a remote attacker to bypass a security mechanism and access sensitive...
CVSS 6.5 | AI Score 6.9 | EPSS 0.002
go is vulnerable to Denial Of Service (DoS). The vulnerability exists in functions in parser.go because of stack exhaustion, which allows an attacker to cause an application...
CVSS 5.5 | AI Score 6.5 | EPSS 0.001
Candiru Spyware Caught Exploiting Google Chrome Zero-Day to Target Journalists
The actively exploited but now-fixed Google Chrome zero-day flaw that came to light at the start of this month was weaponized by an Israeli spyware company and used in attacks targeting journalists in the Middle East. Czech cybersecurity firm Avast linked the exploitation to Candiru (aka Saito...
EPSS 0.013
Fedora: Security Advisory for docker-distribution (FEDORA-2022-3e1ade35db)
The remote host is missing an update for...
CVSS 9.1 | AI Score 8.9 | EPSS 0.004
[SECURITY] Fedora 35 Update: docker-distribution-2.6.2-17.git48294d9.fc35
Docker toolset to pack, ship, store, and deliver...
CVSS 9.1 | AI Score 8.9 | EPSS 0.004
New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals — The Hacker News
A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to...
AI Score 0.8
Koh is a C# and Beacon Object File (BOF) toolset that allows for the capture of user credential material via purposeful token/logon session leakage. Some code was inspired by Elad Shamir's Internal-Monologue project (no license), as well as KB180548. For why this is possible and Koh's approach,...
AI Score 6.6
Fedora: Security Advisory for golang-github-docker-distribution (FEDORA-2022-3969b64d4b)
The remote host is missing an update for...
CVSS 9.1 | AI Score 8.9 | EPSS 0.005
[SECURITY] Fedora 35 Update: golang-github-docker-distribution-2.7.1-9.20200815git35b26de.fc35
The Docker toolset to pack, ship, store, and deliver content. This repository's main product is the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the docker/docker-registry project with a new API design, focused around security and...
CVSS 9.1 | AI Score 8.9 | EPSS 0.005
Fedora: Security Advisory for docker-distribution (FEDORA-2022-ba365d3703)
The remote host is missing an update for...
CVSS 9.1 | AI Score 8.9 | EPSS 0.004
[SECURITY] Fedora 36 Update: docker-distribution-2.6.2-17.git48294d9.fc36
Docker toolset to pack, ship, store, and deliver...
CVSS 9.1 | AI Score 8.9 | EPSS 0.004
Oracle Linux 8 : ol8addon (ELSA-2022-17957)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-17957 advisory. Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software,...
CVSS 8.8 | AI Score 8.7 | EPSS 0.002
CVSS 8.8 | AI Score 1.4 | EPSS 0.002
go-toolset:ol8addon security update
go-toolset [1.18.3-1] - Update to golang 1.18.3 golang [1.18.3-1.0.1] - Rebase to 1.18.3 by adding upstream patches to the 1.18.0 openssl-fips - Modify Patch51852 to remove portions already upstream - Use base_version to distinguish the version of the tarball from the final version -...
CVSS 7.8 | AI Score 2.4 | EPSS 0.004
Oracle Linux 8 : go-toolset:ol8addon (ELSA-2022-17956)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-17956 advisory. encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675) The...
CVSS 9.1 | AI Score 8.9 | EPSS 0.004
Cloud-based Cryptocurrency Miners Targeting GitHub Actions and Azure VMs
GitHub Actions and Azure virtual machines (VMs) are being leveraged for cloud-based cryptocurrency mining, indicating sustained attempts on the part of malicious actors to target cloud resources for illicit purposes. "Attackers can abuse the runners or servers provided by GitHub to run an...
AI Score -0.7
CentOS 8 : go-toolset:rhel8 (CESA-2022:5337)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:5337 advisory. golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) golang: regexp: stack exhaustion via a deeply nested expression...
CVSS 7.5 | AI Score 8.8 | EPSS 0.004
Microsoft Warns of Cryptomining Malware Campaign Targeting Linux Servers
A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence...
CVSS 9.8 | AI Score 0.6 | EPSS 0.976
go-toolset:ol8 security and bug fix update
delve [1.7.2-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.7.2-1] - Rebase to 1.7.2 - Related: rhbz#2014088 golang [1.17.10-1] - Rebase to Go 1.17.10 - Resolves: rhbz#2091077 go-toolset [1.17.10-1] - Rebase to Go 1.17.10 - Resolves:...
CVSS 7.5 | AI Score 1.3 | EPSS 0.004
Oracle Linux 8 : go-toolset:ol8 (ELSA-2022-5337)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-5337 advisory. encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675) The...
CVSS 7.5 | AI Score 8.7 | EPSS 0.004
RHEL 8 : go-toolset:rhel8 (RHSA-2022:5337)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5337 advisory. golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) golang: regexp: stack exhaustion via a deeply nested expression...
CVSS 7.5 | AI Score 9.4 | EPSS 0.004
RHEL 7 : go-toolset-1.17 and go-toolset-1.17-golang (RHSA-2022:5415)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5415 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...
CVSS 7.5 | AI Score 10 | EPSS 0.004
(RHSA-2022:5415) Moderate: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) golang: regexp: stack exhaustion via a deeply nested expression (CVE-2022-24921) golang:...
AI Score 1.6 | EPSS 0.004
llvm-toolset:rhel8 bug fix update
An update is available for compiler-rt, lldb, lld, llvm, llvm-toolset, clang, libomp, python-lit. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LLVM Toolset...
AI Score 1.4
Moderate: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) golang: syscall:...
AI Score 7.2 | EPSS 0.004
go-toolset:rhel8 security and bug fix update
An update is available for delve, golang, go-toolset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming language tools and.....
CVSS 7.5 | AI Score 8.4 | EPSS 0.004
(RHSA-2022:5337) Moderate: go-toolset:rhel8 security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: encoding/pem: fix stack overflow in Decode (CVE-2022-24675) golang: crypto/elliptic: panic caused by oversized scalar (CVE-2022-28327) golang: syscall:...
AI Score 1.3 | EPSS 0.004
New ToddyCat Hacker Group on Experts' Radar After Targeting MS Exchange Servers
An advanced persistent threat (APT) actor codenamed ToddyCat has been linked to a string of attacks aimed at government and military entities in Europe and Asia since at least December 2020. The relatively new adversarial collective is said to have commenced its operations by targeting Microsoft...
AI Score 2.3
In Cybersecurity, What You Can’t See Can Hurt You
The dangers to SMBs and businesses of all sizes from cyberattacks are well known. But what’s driving these attacks, and what do cybersecurity stakeholders need to do that they’re not already doing? To answer these questions, we recently analyzed dozens of detailed incident response (IR) reports...
AI Score 1
Karakurt extortion group: Threat profile
The FBI (Federal Bureau of Investigation), together with CISA (Cybersecurity and Infrastructure Security Agency) and other federal agencies, recently released a joint cybersecurity advisory (CSA) about the Karakurt data extortion group (also known as Karakurt Team and Karakurt Lair). Like...
AI Score -0.2
People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
Summary Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system This joint Cybersecurity Advisory describes the ways in which People’s Republic of China (PRC)...
CVSS 10 | AI Score 10 | EPSS 0.975
go-toolset:ol8addon security update
go-toolset [1.16.15-1] - Rebase to Go 1.16.15 golang [1.16.15-1.0.1] - Add patches from 1.16.12 to 1.16.15 - Add Sources for 3 binary files that changed between 1.16.12 and 1.16.15 - Rename base_vrsn to base_version - Reviewed-by: XXX...
CVSS 9.1 | AI Score 0.9 | EPSS 0.005
go-toolset:ol8addon security update
go-toolset [1.17.10-1] - Set version to correspond to the matching build golang version - delve can be now added to aarch64 as well, remove ifarch. golang [1.17.10-1.0.1] - Add patches between Go 1.17.7 and Go 1.17.10 - Rename base_versn to base_version - Remove unneeded patches from previous...
CVSS 7.5 | AI Score 2.9 | EPSS 0.004
Oracle Linux 8 : go-toolset:ol8addon (ELSA-2022-14844)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-14844 advisory. regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. (CVE-2022-24921) ...
CVSS 7.5 | AI Score 8.6 | EPSS 0.004
Oracle Linux 8 : go-toolset:ol8addon (ELSA-2022-14857)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-14857 advisory. regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. (CVE-2022-24921) cmd/go in...
CVSS 9.1 | AI Score 9.2 | EPSS 0.005
Connected Healthcare: A Cybersecurity Battlefield We Must Win
Connected Healthcare: A Cybersecurity Battlefield We Must Win By Charles McFarland · June 6, 2022 We are commonly taught to prioritize the most critical, severe, or impactful tasks when trying to conquer a list of intimidating problems. Yet, how is this possible when presented with two tasks of...
Connected Healthcare: A Cybersecurity Battlefield We Must Win
Connected Healthcare: A Cybersecurity Battlefield We Must Win By Trellix · June 6, 2022 This blog was written by Charles McFarland We are commonly taught to prioritize the most critical, severe, or impactful tasks when trying to conquer a list of intimidating problems. Yet, how is this possible...
AI Score 9.3
SideWinder Hackers Launched Over 1,000 Cyber Attacks Over the Past 2 Years
An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their...
CVSS 7.8 | AI Score 0.3 | EPSS 0.974
Conti Ransomware Operation Shut Down After Splitting into Smaller Groups
Even as the operators of Conti threatened to overthrow the Costa Rican government, the notorious cybercrime gang officially took down its attack infrastructure in favor of migrating their malicious cyber activities to other ancillary operations, including Karakurt and BlackByte. "From the...
AI Score 0.7
Oracle Linux 8 : rust-toolset:ol8 (ELSA-2022-1894)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1894 advisory. Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response...
CVSS 7.3 | AI Score 6.5 | EPSS 0.001
Oracle Linux 8 : go-toolset:ol8 (ELSA-2022-1819)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1819 advisory. In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause...
CVSS 9.8 | AI Score 8.5 | EPSS 0.005
An update is available for rust-toolset, rust. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...
AI Score 2
An update is available for compiler-rt, lld, llvm, llvm-toolset, clang, libomp, python-lit. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed...
AI Score 1.7
go-toolset:ol8 security and bug fix update
delve [1.7.2-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.7.2-1] - Rebase to 1.7.2 - Related: rhbz#2014088 golang [1.17.7-1] - Rebase to Go 1.17.7 - Remove fips memory leak patch (fixed in tree) - Resolves: rhbz#2015930 go-toolset [1.17.7-1] - Rebase to Go 1.17.7 -...
CVSS 9.8 | AI Score 1.2 | EPSS 0.005
rust-toolset:ol8 security, bug fix, and enhancement update
rust [1.58.1-1] - Update to 1.58.1. [1.58.0-1] - Update to 1.58.0. [1.57.0-1] - Update to 1.57.0. [1.56.1-2] - Add rust-std-static-wasm32-wasi Resolves: rhbz#1980080 [1.56.0-1] - Update to 1.56.1. [1.55.0-1] - Update to 1.55.0. - Backport support for LLVM 13. [1.54.0-2] - Make std-static-wasm*...
CVSS 6.3 | AI Score 0.8 | EPSS 0.001
Summary Multiple issues were identified in Red Hat UBI(ubi8/ubi-minimal) v8.5-x packages "expat", "gcc", "openssl", "libxml" and go-toolset v1.16.x that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details CVEID: CVE-2022-22825 DESCRIPTION: Expat...
CVSS 9.8 | AI Score 1.5 | EPSS 0.035