(RHSA-2024:1468) Important: go-toolset-1.19-golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads...
7.5AI Score
0.0005EPSS
(RHSA-2024:1462) Important: golang security update
The golang packages provide the Go programming language compiler. Security Fix(es): golang: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads...
7.3AI Score
0.0005EPSS
RHEL 7 : go-toolset-1.19-golang (RHSA-2024:1468)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1468 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...
7.5CVSS
6.8AI Score
0.0005EPSS
Oracle Linux 9 : golang (ELSA-2024-1462)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-1462 advisory. A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using...
7.5CVSS
6.3AI Score
0.0005EPSS
RHEL 9 : golang (RHSA-2024:1462)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1462 advisory. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: golang-fips/openssl: Memory leaks in code encrypting...
7.5CVSS
6.8AI Score
0.0005EPSS
RHEL 8 : go-toolset:rhel8 (RHSA-2024:1472)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1472 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang-fips/openssl:...
7.5CVSS
6.7AI Score
0.0005EPSS
Important: golang security update
The golang packages provide the Go programming language compiler. Security Fix(es): golang: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads...
7.5CVSS
7.5AI Score
0.0005EPSS
7.5CVSS
7.3AI Score
0.0005EPSS
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) For more details about the security issue(s), including the impact, a CVSS...
7.5CVSS
6.9AI Score
0.0005EPSS
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394) For more details about the security issue(s), including the impact, a CVSS...
7.5CVSS
7.1AI Score
0.0005EPSS
Amazon Linux 2 : rust (ALAS-2024-2496)
The version of rust installed on the remote host is prior to 1.68.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2496 advisory. libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API,...
9.8CVSS
7.8AI Score
0.003EPSS
Amazon Linux 2 : rust (ALAS-2024-2504)
The version of rust installed on the remote host is prior to 1.68.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2504 advisory. RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: ...
7.2AI Score
Issue Overview: RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ...
7.3AI Score
Issue Overview: libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_revparse_single can cause the function to enter an infinite loop, potentially.....
9.8CVSS
8AI Score
0.003EPSS
A flaw was found in the BCC toolset. This issue occurs when extracting kernel headers, it tries to load them from a temporary directory. This issue could allow an attacker to force bcc to load compromised Linux headers by placing malicious headers in the temporary directory, leading to potential...
2.8CVSS
7AI Score
0.0004EPSS
Securing the Next Level: Automated Cloud Defense in Game Development with InsightCloudSec
Imagine the following scenario: You're about to enjoy a strategic duel on chess.com or dive into an intense battle in Fortnite, but as you log in, you find your hard-earned achievements, ranks, and reputation have vanished into thin air. This is not just a hypothetical scenario but a real...
7.2AI Score
Oracle Linux 9 : golang (ELSA-2024-1131)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1131 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...
7.5CVSS
6.4AI Score
0.001EPSS
AlmaLinux 9 : golang (ALSA-2024:1131)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:1131 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network...
7.5CVSS
6.5AI Score
0.001EPSS
Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries
The cybercrime group called GhostSec has been linked to a Golang variant of a ransomware family called GhostLocker. "TheGhostSec and Stormous ransomware groups are jointly conducting double extortion ransomware attacks on various business verticals in multiple countries," Cisco Talos researcher...
6AI Score
7.5CVSS
6.9AI Score
0.001EPSS
(RHSA-2024:1131) Moderate: golang security update
The golang packages provide the Go programming language compiler. Security Fix(es): golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) golang: cmd/go: Protocol Fallback when fetching modules (CVE-2023-45285) For more details about...
7.2AI Score
0.001EPSS
GhostSec’s joint ransomware operation and evolution of their arsenal
Cisco Talos observed a surge in GhostSec, a hacking group's malicious activities since this past year. GhostSec has evolved with a new GhostLocker 2.0 ransomware, a Golang variant of the GhostLocker ransomware. The GhostSec and Stormous ransomware groups are jointly conducting double extortion...
6.4AI Score
RHEL 9 : golang (RHSA-2024:1131)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1131 advisory. The golang packages provide the Go programming language compiler. Security Fix(es): * golang: net/http/internal: Denial of Service (DoS)...
7.5CVSS
7.3AI Score
0.001EPSS
Moderate: golang security update
The golang packages provide the Go programming language compiler. Security Fix(es): golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) golang: cmd/go: Protocol Fallback when fetching modules (CVE-2023-45285) For more details about the...
7.5CVSS
7.2AI Score
0.001EPSS
Summary go-git , Golang, GnuTLS, Libxml2, protobuf-c, JSON-java, Libmaxminddb, SQLite3 are consumed through RedHat UBI, go-toolset and OSE packages. These packages are shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details ** CVEID: CVE-2023-47745 ...
7.8CVSS
9.7AI Score
0.008EPSS
(RHSA-2024:1041) Moderate: go-toolset-1.19-golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) golang: cmd/go: Protocol Fallback when fetching modules...
7.6AI Score
0.001EPSS
RHEL 7 : go-toolset-1.19-golang (RHSA-2024:1041)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1041 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...
7.5CVSS
7.3AI Score
0.001EPSS
CentOS 9 : gcc-toolset-13-binutils-2.40-8.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the gcc-toolset-13-binutils-2.40-8.el9 build changelog. GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, ...
7.5CVSS
7.1AI Score
0.002EPSS
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the rust-1.71.1-1.el9 build changelog. Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version...
7.9CVSS
7.1AI Score
0.0004EPSS
Oracle Linux 8 : go-toolset:ol8 (ELSA-2024-0887)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0887 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...
7.5CVSS
7.1AI Score
0.001EPSS
go-toolset:ol8 security update
delve [1.20.2-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.20.2-1] - Rebase to 1.20.2 - Resolves: rhbz#2186495 golang [1.20.12-1] - Update to Go 1.20.12 - Fix CVE-2023-39326 CVE-2023-45285 go-toolset [1.20.12-1] - Update to Go 1.20.12 - CVE-2023-39326 golang:...
7.5CVSS
7AI Score
0.001EPSS
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2024:0887)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0887 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network...
7.5CVSS
7.2AI Score
0.001EPSS
(RHSA-2024:0887) Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) golang: cmd/go: Protocol Fallback when fetching modules...
7.2AI Score
0.001EPSS
Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) golang: cmd/go: Protocol Fallback when fetching modules...
7.5CVSS
7.1AI Score
0.001EPSS
Moderate: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326) golang: cmd/go: Protocol Fallback when fetching modules...
7.5CVSS
6.8AI Score
0.001EPSS
RHEL 8 : go-toolset:rhel8 (RHSA-2024:0887)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0887 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...
7.5CVSS
7.7AI Score
0.001EPSS
Chinese Hackers Using Deepfakes in Advanced Mobile Banking Malware Attacks
A Chinese-speaking threat actor codenamed GoldFactory has been attributed to the development of highly sophisticated banking trojans, including a previously undocumented iOS malware called GoldPickaxe that's capable of harvesting identity documents, facial recognition data, and intercepting SMS....
6.7AI Score
7.4AI Score
Wix Toolset < 3.14 / 4.x < 4.0.4 Privilege Escalation
The version of Wix Toolset installed on the remote host is prior to 3.14.0 or 4.x prior to 4.0.4. It is, therefore, affected by a privilege escalation vulnerability. The .be TEMP folder is vulnerable to DLL redirection attacks that allow an unauthenticated, local attacker to escalate privileges....
8.2CVSS
7.5AI Score
0.001EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been.....
8.2CVSS
7AI Score
0.001EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been.....
8.2CVSS
7.6AI Score
0.001EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been.....
7.8CVSS
8.3AI Score
0.001EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been.....
7.8CVSS
7.3AI Score
0.001EPSS
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been.....
8.2CVSS
8.5AI Score
0.001EPSS
Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics. "UNC4990....
8.1AI Score
Summary OpenSSL, go-yaml, GnuTLS , OpenTelemetry-Go and urllib3 are consumed through RedHat UBI, go-toolset and OSE packages. These packages are shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details ** CVEID: CVE-2022-28948 DESCRIPTION: **Go-Yaml is...
8.1CVSS
8.8AI Score
0.003EPSS
Amazon Linux 2 : rust (ALAS-2024-2426)
The version of rust installed on the remote host is prior to 1.68.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2426 advisory. Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not...
6.1CVSS
7.1AI Score
0.001EPSS
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware
The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending...
7.3AI Score
Issue Overview: Cargo downloads a Rust project's dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by cargo build --timings. A malicious package included as a dependency may inject.....
6.1CVSS
7.4AI Score
0.001EPSS
Unified security operations with Microsoft Sentinel and Microsoft Defender XDR
Numerous cybersecurity tools exist to help organizations protect their data, people, and systems. There are different tools that check emails for phishing attempts, secure infrastructure and cloud, and provide generative AI to detect threats and uplevel response beyond human ability. While each of....
7.1AI Score