gcc-toolset-13-annobin bug fix and enhancement update
An update is available for gcc-toolset-13-annobin. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the.....
6.9AI Score
gcc-toolset-12-gcc bug fix update
An update is available for gcc-toolset-12-gcc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gcc-toolset-12-gcc package contains the GNU Compiler...
7.2AI Score
Oracle Linux 9 : golang (ELSA-2024-2562)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2562 advisory. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or...
7.5CVSS
7.9AI Score
0.0005EPSS
[1.21.9-2] - Rebuilt for z-stream - Related: RHEL-24312 - Related: RHEL-28940 [1.21.9-1] - Fix CVE-2024-1394 - Fix CVE-2023-45288 - Resolves RHEL-24312 - Resolves...
7.5CVSS
7.4AI Score
0.0005EPSS
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) For more details about the security issue(s), including the impact, a...
6.7AI Score
0.0004EPSS
go-toolset:rhel8 security update
An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset....
7.2AI Score
0.0004EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2024:1962)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1962 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK...
6.2AI Score
0.0004EPSS
(RHSA-2024:2562) Important: golang security update
The golang packages provide the Go programming language compiler. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) golang: net/http/cookiejar:...
7.3AI Score
0.0005EPSS
RHEL 9 : golang (RHSA-2024:2562)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2562 advisory. The golang packages provide the Go programming language compiler. Security Fix(es): * golang-fips/openssl: Memory leaks in code encrypting...
7.5CVSS
7.8AI Score
0.0005EPSS
Important: golang security update
The golang packages provide the Go programming language compiler. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) golang: net/http: memory exhaustion in Request.ParseMultipartForm (CVE-2023-45290) golang: net/http/cookiejar:...
7.5CVSS
7.8AI Score
0.0005EPSS
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2024:1962)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1962 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK...
6.1AI Score
0.0004EPSS
AlmaLinux 9 : golang (ALSA-2024:1963)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1963 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK...
6.1AI Score
0.0004EPSS
RHEL 9 : golang (RHSA-2024:1963)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1963 advisory. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: net/http, x/net/http2: unlimited number of...
6.5AI Score
0.0004EPSS
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received DLL.....
9.8CVSS
7.5AI Score
0.97EPSS
Oracle Linux 9 : golang (ELSA-2024-1963)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1963 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK...
6.1AI Score
0.0004EPSS
Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-1962)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1962 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK...
6AI Score
0.0004EPSS
(RHSA-2024:1963) Important: golang security update
The golang packages provide the Go programming language compiler. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...
8.3AI Score
0.0004EPSS
(RHSA-2024:1962) Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) For more details about the security issue(s), including the impact, a...
8.3AI Score
0.0004EPSS
go-toolset:ol8 security update
delve golang [1.20.12-8] - Update sources file - Related: RHEL-27928 [1.20.12-7] - Fix CVE-2024-1394 - Resolves: RHEL-27928 [1.20.12-6] - Fix CVE-2023-45288 - Resolves: RHEL-31914...
7.4AI Score
0.0004EPSS
RHEL 8 : go-toolset:rhel8 (RHSA-2024:1962)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1962 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang: net/http,...
6.7AI Score
0.0004EPSS
Important: golang security update
The golang packages provide the Go programming language compiler. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS...
8.3AI Score
0.0004EPSS
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) For more details about the security issue(s), including the impact, a...
7.6AI Score
0.0004EPSS
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) For more details about the security issue(s), including the impact, a...
8.3AI Score
0.0004EPSS
[1.20.12-4] - Rebuild for z-stream - Related: RHEL-28939 [1.20.12-3] - Fix CVE-2023-45288 - Resolves: RHEL-28939 - Temporarily disable FIPS tests...
7.1AI Score
0.0004EPSS
Using the LockBit builder to generate targeted ransomware
The previous Kaspersky research focused on a detailed analysis of the LockBit 3.0 builder leaked in 2022. Since then, attackers have been able to generate customized versions of the threat according to their needs. This opens up numerous possibilities for malicious actors to make their attacks...
7.8AI Score
The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional operator, based on the Kubernetes Event Driven Autoscaler (KEDA), which allows workloads to be scaled using additional metrics sources other than pod metrics. This release builds upon updated compiler, runtime library, and....
7.5AI Score
0.732EPSS
Microsoft is addressing 149 vulnerabilities this April 2024 Patch Tuesday, which is significantly more than usual. For the second month in a row, Microsoft indicated that they weren't aware of prior public disclosure or exploitation in the wild for any of the vulnerabilities patched today....
9CVSS
10AI Score
EPSS
Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The clusters are being tracked by Mandiant under the uncategorized monikers UNC5221, UNC5266, UNC5291, UNC5325,....
9.1CVSS
9.6AI Score
0.969EPSS
Stories from the SOC Part 1: IDAT Loader to BruteRatel
Rapid7’s Managed Detection and Response (MDR) team continuously monitors our customers' environments, identifying emerging threats and developing new detections. In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed.....
8.1AI Score
Wix Toolset < 3.14.1 / 4.x < 4.0.5 Multiple Vulnerabilities
The version of Wix Toolset installed on the remote host is prior to 3.14.1 or 4.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx...
7.9CVSS
6.9AI Score
0.0004EPSS
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) For more details about the security issue(s), including the impact, a CVSS...
7.5CVSS
7.3AI Score
0.0005EPSS
go-toolset:rhel8 security update
An update is available for module.golang, go-toolset, delve, module.go-toolset, module.delve, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset....
7.5CVSS
7.4AI Score
0.0005EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2024:1472)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2024:1472 advisory. A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using...
7.5CVSS
6.5AI Score
0.0005EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through...
7.2CVSS
7AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through...
7.2CVSS
6.8AI Score
0.0004EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in OnTheGoSystems Types.This issue affects Types: from n/a through...
7.2CVSS
7.2AI Score
0.0004EPSS
8.2CVSS
8.5AI Score
0.082EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's....
7.3CVSS
7AI Score
0.0004EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's....
7.3CVSS
7AI Score
0.0004EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...
7.9CVSS
6.4AI Score
0.0004EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's....
7.3CVSS
7.1AI Score
0.0004EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...
7.9CVSS
7.5AI Score
0.0004EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...
7.9CVSS
6.9AI Score
0.0004EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...
7.9CVSS
7.7AI Score
0.0004EPSS
CVE-2024-29187 WiX based installers are vulnerable to binary hijack when run as SYSTEM
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's....
7.3CVSS
7.2AI Score
0.0004EPSS
AlmaLinux 9 : golang (ALSA-2024:1462)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1462 advisory. A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled...
7.5CVSS
6.4AI Score
0.0005EPSS
Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-1472)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1472 advisory. A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using...
7.5CVSS
6.3AI Score
0.0005EPSS
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2024:1472)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:1472 advisory. A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled...
7.5CVSS
6.4AI Score
0.0005EPSS
go-toolset:ol8 security update
delve [1.20.2-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.20.2-1] - Rebase to 1.20.2 - Resolves: rhbz#2186495 golang [1.20.12-3] - Fix CVE-2024-1394 - Resolves: RHEL-27928 [1.20.12-2] - Fix sources file - Related: RHEL-19231...
7.5CVSS
7AI Score
0.0005EPSS
(RHSA-2024:1472) Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) For more details about the security issue(s), including the impact, a CVSS...
7.4AI Score
0.0005EPSS