llvm-toolset:rhel8 bug fix and enhancement update
An update is available for module.libomp, module.llvm, clang, libomp, llvm, module.clang, module.compiler-rt, compiler-rt, python-lit, module.lld, module.lldb, module.python-lit, lldb, lld. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
7.4AI Score
Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa
The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control (C2) framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under...
7.4AI Score
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request...
7.5CVSS
7.3AI Score
0.001EPSS
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request...
7.5CVSS
7.4AI Score
0.001EPSS
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request...
7.5CVSS
0.001EPSS
Cross site request forgery (csrf)
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request...
7.5CVSS
6.9AI Score
0.001EPSS
CVE-2023-50728 Unauthenticated Denial of Service in the octokit/webhooks library
octokit/webhooks is a GitHub webhook events toolset for Node.js. Starting in 9.26.0 and prior to 9.26.3, 10.9.2, 11.1.2, and 12.0.4, there is a problem caused by an issue with error handling in the @octokit/webhooks library because the error can be undefined in some cases. The resulting request...
5.4CVSS
7.6AI Score
0.001EPSS
Metasploit Weekly Wrap-Up: Dec. 15, 2023
Continuing the 12th Labor of Metasploit Metasploit continues its Herculean task of increasing our toolset to tame Kerberos by adding support for AS_REP Roasting, which allows retrieving the password hashes of users who have Do not require Kerberos preauthentication set on the domain controller....
8.8CVSS
9.3AI Score
0.363EPSS
Summary Multiple issues were identified in Red Hat UBI packages, go-toolset and OSE are fixed and shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details ** CVEID: CVE-2023-25153 DESCRIPTION: **containerd is vulnerable to a denial of service, caused by a...
8.1CVSS
9.1AI Score
0.732EPSS
Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally
SUMMARY The U.S. Federal Bureau of Investigation (FBI), U.S. Cybersecurity & Infrastructure Security Agency (CISA), U.S. National Security Agency (NSA), Polish Military Counterintelligence Service (SKW), CERT Polska (CERT.PL), and the UK’s National Cyber Security Centre (NCSC) assess Russian...
9.8CVSS
10AI Score
0.97EPSS
New Threat Actor 'AeroBlade' Emerges in Espionage Attack on U.S. Aerospace
A previously undocumented threat actor has been linked to a cyber attack targeting an aerospace organization in the U.S. as part of what's suspected to be a cyber espionage mission. The BlackBerry Threat Research and Intelligence team is tracking the activity cluster as AeroBlade. Its origin is...
7.3AI Score
Agent Racoon Backdoor Targets Organizations in Middle East, Africa, and U.S.
Organizations in the Middle East, Africa, and the U.S. have been targeted by an unknown threat actor to distribute a new backdoor called Agent Racoon. "This malware family is written using the .NET framework and leverages the domain name service (DNS) protocol to create a covert channel and...
7.4AI Score
gcc-toolset-11-binutils bug fix and enhancement update
An update is available for gcc-toolset-11-binutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The binutils packages provide a collection of binary...
7.4AI Score
gcc-toolset-13-annobin bug fix and enhancement update
An update is available for gcc-toolset-13-annobin. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the.....
6.8AI Score
Virtuozzo Hybrid Infrastructure 6.0 (6.0.0-243)
In this release, Virtuozzo Hybrid Infrastructure provides an upgrade of the Linux distribution, kernel, and toolset packages. This release also contains a range of new features that cover storage performance, object storage, as well as monitoring and alerts. Additionally, this release delivers...
7.3AI Score
Adobe Audition Uninitialized Pointer Access Vulnerability (CNVD-2023-88660)
Adobe Audition is a set of multi-track editing tools from the American company Audobee (Adobe). The product mainly uses a comprehensive toolset that includes multi-track, waveform and spectral display to mix, edit and create audio content. A security vulnerability exists in Adobe Audition version.....
5.5CVSS
5.9AI Score
0.0004EPSS
Adobe Audition Out-of-Bounds Write Vulnerability (CNVD-2023-88381)
Adobe Audition is a set of multi-track editing tools from the American company Audobee (Adobe). The product mainly uses a comprehensive toolset that includes multi-track, waveform and spectral display to mix, edit and create audio content. An out-of-bounds write vulnerability exists in Adobe...
7.8CVSS
7.9AI Score
0.063EPSS
Adobe Audition Out-of-Bounds Read Vulnerability (CNVD-2023-88658)
Adobe Audition is a set of multi-track editing tools from the American company Audobee (Adobe). The product is mainly used to include multi-track, waveforms and spectral display of the perfect toolset for audio content mixing, editing and creation. An out-of-bounds read vulnerability exists in...
7.8CVSS
7.6AI Score
0.001EPSS
Adobe Audition Out-of-Bounds Read Vulnerability (CNVD-2023-88380)
Adobe Audition is a set of multi-track editing tools from the American company Audobee (Adobe). The product mainly uses a comprehensive toolset that includes multi-track, waveform and spectral display to mix, edit and create audio content. An out-of-bounds read vulnerability exists in Adobe...
7.8CVSS
7.5AI Score
0.001EPSS
Adobe Audition Uninitialized Pointer Access Vulnerability (CNVD-2023-88657)
Adobe Audition is a set of multi-track editing tools from the American company Audobee (Adobe). The product mainly uses a comprehensive toolset that includes multi-track, waveform and spectral display to mix, edit and create audio content. A security vulnerability exists in Adobe Audition version.....
3.3CVSS
5.9AI Score
0.001EPSS
Adobe Audition Heap Buffer Overflow Vulnerability
Adobe Audition is a set of multi-track editing tools from the American company Audobee (Adobe). The product mainly uses a comprehensive toolset that includes multi-track, waveform and spectral display to mix, edit and create audio content. A heap buffer overflow vulnerability exists in Adobe...
7.8CVSS
7.9AI Score
0.001EPSS
Adobe Audition Out-of-Bounds Read Vulnerability (CNVD-2023-88661)
Adobe Audition is a set of multi-track editing tools from the American company Audobee (Adobe). The product mainly uses a comprehensive toolset that includes multi-track, waveform and spectral display to mix, edit and create audio content. An out-of-bounds read vulnerability exists in Adobe...
5.5CVSS
5.8AI Score
0.0004EPSS
Adobe Audition Out-of-Bounds Read Vulnerability (CNVD-2023-88659)
Adobe Audition is a set of multi-track editing tools from the American company Audobee (Adobe). The product is mainly used to include multi-track, waveforms and spectral display of the perfect toolset for audio content mixing, editing and creation. An out-of-bounds read vulnerability exists in...
7.8CVSS
7.6AI Score
0.001EPSS
Adobe Audition Uninitialized Pointer Access Vulnerability
Adobe Audition is a set of multi-track editing tools from the American company Audobee (Adobe). The product is mainly used to include multi-track, waveforms and spectral display of the perfect toolset for audio content mixing, editing and creation. A security vulnerability exists in Adobe Audition....
7.8CVSS
7.8AI Score
0.003EPSS
container-tools:ol8 security and bug fix update
aardvark-dns [2:1.7.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.7.0 - Related: #2176055 [2:1.6.0-1] - update to https://github.com/containers/aardvark-dns/releases/tag/v1.6.0 - Related: #2176055 buildah [1:1.31.3-1] - update to...
9.8CVSS
8.8AI Score
0.024EPSS
Summary Multiple issues were identified in Red Hat UBI packages, Kubernetes and go-toolset are fixed and shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. Vulnerability Details ** CVEID: CVE-2023-4813 DESCRIPTION: **glibc is vulnerable to a denial of service, caused by a.....
9.8CVSS
9.6AI Score
0.014EPSS
Apigee API Security policies howto
The Genesis of Apigee API Security Guidelines In today's digital epoch, APIs (Application Programming Interfaces) have ascended to be the fundamental infrastructure underpinning software development - furnishing the medium for diverse software systems to interact and exchange data. Yet, with this.....
7.7AI Score
Introducing ThreatDown: A new chapter for Malwarebytes
Since I started Malwarebytes 15 years ago the threat landscape has changed. Our offerings have evolved. And now the next chapter of our journey begins today. How did we get here? My first cyber “combatant” was an early form of adware running amok on my family’s computer. Removing it was a team...
7.2AI Score
Rocky Linux 8 : gcc-toolset-11-gcc (RLSA-2021:4586)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4586 advisory. ** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of...
8.3CVSS
6.8AI Score
0.003EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:1746)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1746 advisory. In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb...
7.5CVSS
8.9AI Score
0.017EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:5775)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5775 advisory. Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling...
7.5CVSS
8.1AI Score
0.002EPSS
Rocky Linux 8 : gcc-toolset-10-binutils (RLSA-2021:4649)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4649 advisory. ** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of...
8.3CVSS
6.8AI Score
0.003EPSS
Rocky Linux 8 : rust-toolset:rhel8 (RLSA-2022:1894)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1894 advisory. Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response...
7.3CVSS
7.3AI Score
0.001EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:5337)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5337 advisory. encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675) ...
7.5CVSS
8.5AI Score
0.004EPSS
Rocky Linux 9 : go-toolset and golang (RLSA-2023:0328)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0328 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts...
7.5CVSS
8.1AI Score
0.002EPSS
Rocky Linux 8 : llvm-toolset:rhel8 (RLSA-2021:4743)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4743 advisory. ** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of...
8.3CVSS
7AI Score
0.003EPSS
Rocky Linux 8 : rust-toolset:rhel8 (RLSA-2021:1935)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1935 advisory. In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string...
9.8CVSS
7.4AI Score
0.003EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:3585)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:3585 advisory. Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to...
7.5CVSS
6.7AI Score
0.002EPSS
Rocky Linux 8 : gcc-toolset-10-gcc (RLSA-2021:4585)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4585 advisory. ** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of...
8.3CVSS
6.8AI Score
0.003EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2022:1819)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1819 advisory. Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm...
9.8CVSS
9.3AI Score
0.005EPSS
Rocky Linux 8 : gcc-toolset-11-binutils (RLSA-2021:4594)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4594 advisory. ** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of...
8.3CVSS
6.8AI Score
0.003EPSS
Rocky Linux 8 : rust-toolset:rhel8 (RLSA-2021:4270)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4270 advisory. library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in...
9.1CVSS
6.8AI Score
0.005EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2023:0446)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0446 advisory. Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts...
7.5CVSS
8.1AI Score
0.002EPSS
Rocky Linux 8 : rust-toolset:rhel8 (RLSA-2021:4590)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4590 advisory. ** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of...
8.3CVSS
6.8AI Score
0.003EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:4156)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4156 advisory. Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may...
7.5CVSS
7.4AI Score
0.007EPSS
Rocky Linux 8 : gcc-toolset-10-annobin (RLSA-2021:4592)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4592 advisory. ** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of...
8.3CVSS
6.8AI Score
0.003EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:3076)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:3076 advisory. encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the...
7.5CVSS
7AI Score
0.009EPSS
Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:5160)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5160 advisory. net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2...
7.5CVSS
7.2AI Score
0.003EPSS
Rocky Linux 8 : gcc-toolset-11-annobin (RLSA-2021:4591)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4591 advisory. ** DISPUTED ** An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of...
8.3CVSS
6.8AI Score
0.003EPSS
PentestPad: Platform for Pentest Teams
In the ever-evolving cybersecurity landscape, the game-changers are those who adapt and innovate swiftly. Pen test solutions not only supercharge productivity but also provide a crucial layer of objectivity, ensuring efficiency and exceptional accuracy. The synergy between a skilled penetration...
6.9AI Score