Oracle Linux 9 : rust (ELSA-2023-4634)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-4634 advisory. Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...
7.9CVSS
6.8AI Score
0.0004EPSS
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consume_count of src/gnu_v2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this...
7.8CVSS
7.5AI Score
0.001EPSS
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consume_count of src/gnu_v2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this...
7.8CVSS
7.8AI Score
0.001EPSS
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consume_count of src/gnu_v2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this...
7.8CVSS
7.8AI Score
0.001EPSS
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consume_count of src/gnu_v2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this...
7.8CVSS
7.8AI Score
0.001EPSS
CVE-2023-40022 Rizin vulnerable to Integer Overflow in C++ demangler logic
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in consume_count of src/gnu_v2/cplus-dem.c. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this...
7.8CVSS
8AI Score
0.001EPSS
Malwarebytes acquires Cyrus Security
Today, I am absolutely thrilled to share some exciting news: Malwarebytes is officially welcoming Cyrus Security into our family. This acquisition signifies an exciting chapter in our journey, and I wanted to share why this development is so special, and what it means for the millions who trust...
7AI Score
An update is available for rust. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rust Toolset provides the Rust programming language compiler rustc, the cargo...
7.9CVSS
7.2AI Score
0.0004EPSS
Important: rust security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...
7.9CVSS
7.1AI Score
0.0004EPSS
rust-toolset:rhel8 security update
An update is available for module.rust, rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rust Toolset provides the Rust programming language compiler...
7.9CVSS
7.2AI Score
0.0004EPSS
Important: rust-toolset:rhel8 security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...
7.9CVSS
7.1AI Score
0.0004EPSS
Rocky Linux 9 : rust (RLSA-2023:4634)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4634 advisory. Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...
7.9CVSS
5.9AI Score
0.0004EPSS
Rocky Linux 8 : rust-toolset:rhel8 (RLSA-2023:4635)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4635 advisory. Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...
7.9CVSS
7.1AI Score
0.0004EPSS
Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead
Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential harvesting...
7.8AI Score
Spacecolon Toolset Fuels Global Surge in Scarab Ransomware Attacks
A malicious toolset dubbed Spacecolon is being deployed as part of an ongoing campaign to spread variants of the Scarab ransomware across victim organizations globally. "It probably finds its way into victim organizations by its operators compromising vulnerable web servers or via brute forcing...
6.9AI Score
New BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
Microsoft on Thursday disclosed that it found a new version of the BlackCat ransomware (aka ALPHV and Noberus) that embeds tools like Impacket and RemCom to facilitate lateral movement and remote code execution. "The Impacket tool has credential dumping and remote service execution modules that...
10CVSS
8.9AI Score
0.467EPSS
Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud.....
6.6AI Score
AlmaLinux 8 : rust-toolset:rhel8 (ALSA-2023:4635)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4635 advisory. Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...
7.9CVSS
6.5AI Score
0.0004EPSS
(RHSA-2023:4651) Important: rust-toolset-1.66-rust security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...
6.9AI Score
0.0004EPSS
RHEL 7 : rust-toolset-1.66-rust (RHSA-2023:4651)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4651 advisory. Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security...
7.9CVSS
7.1AI Score
0.0004EPSS
Microsoft Azure Subdomain Scanner / Enumerator Exploit
This is a Metasploit module for enumerating public Azure services by validating legitimate subdomains through various DNS record queries. This cloud reconnaissance module rapidly identifies API services, storage accounts, key vaults, databases, and...
7AI Score
AlmaLinux 9 : rust (ALSA-2023:4634)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:4634 advisory. Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not...
7.9CVSS
6.4AI Score
0.0004EPSS
(RHSA-2023:4635) Important: rust-toolset:rhel8 security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...
7.2AI Score
0.0004EPSS
(RHSA-2023:4634) Important: rust security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...
7.2AI Score
0.0004EPSS
RHEL 9 : rust (RHSA-2023:4634)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4634 advisory. rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) Note that Nessus has not tested for this issue but has...
7.9CVSS
7.1AI Score
0.0004EPSS
Important: rust security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...
7.9CVSS
6.9AI Score
0.0004EPSS
Important: rust-toolset:rhel8 security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...
7.9CVSS
6.9AI Score
0.0004EPSS
Important: rust-toolset:rhel8 security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...
7.9CVSS
7.1AI Score
0.0004EPSS
Important: rust security update
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Security Fix(es): rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) For more details about the security issue(s),...
7.9CVSS
7.1AI Score
0.0004EPSS
7.1AI Score
RHEL 8 : rust-toolset:rhel8 (RHSA-2023:4635)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:4635 advisory. rust-cargo: cargo does not respect the umask when extracting dependencies (CVE-2023-38497) Note that Nessus has not tested for this issue but has...
7.9CVSS
7.1AI Score
0.0004EPSS
Interpol Busts Phishing-as-a-Service Platform '16Shop,' Leading to 3 Arrests
Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale,....
6.6AI Score
rust is vulnerable to Directory Traversal. This vulnerability occurs when Cargo downloads a crate that contains files with 0777 permissions. If the user has write access to the Cargo directory, they could exploit this vulnerability to create or modify arbitrary...
7.9CVSS
6.9AI Score
0.0004EPSS
KRBUACBypass - UAC Bypass By Abusing Kerberos Tickets
This POC is inspired by James Forshaw (@tiraniddo) shared at BlackHat USA 2022 titled “_Taking _Kerberos To The Next Level ” topic, he shared a Demo of abusing Kerberos tickets to achieve UAC bypass. By adding a KERB-AD-RESTRICTION-ENTRY to the service ticket, but filling in a fake MachineID, we...
7.2AI Score
Summary Multiple issues were identified in Red Hat UBI packages openssl-libs, libssh, libarchive, sqlite and go-toolset that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images (CVE-2020-24736, CVE-2020-29652, CVE-2022-32189, CVE-2023-2283, CVE-2022-36227,...
9.8CVSS
8.5AI Score
0.005EPSS
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research; and they provide a representative snapshot of what we have...
7.8CVSS
7.6AI Score
0.974EPSS
Fedora 38 : cutter-re / rizin (2023-3dc1f9ba12)
The remote Fedora 38 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2023-3dc1f9ba12 advisory. Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a...
7.8CVSS
7AI Score
0.001EPSS
go is vulnerable to Code Injection. The vulnerability exists when running an untrusted module which contains directories with newline characters in their names which allows an attacker to inject and execute arbitrary...
9.8CVSS
7.4AI Score
0.005EPSS
go is vulnerable to Privilege Escalation. The vulnerability exists because, on Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits which result in unexpected content being read or written with elevated...
7.8CVSS
6.7AI Score
0.001EPSS
go is vulnerable to Arbitrary Code Execution. The vulnerability may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code because arguments for a number of flags which are non-optional are incorrectly considered optional, allowing...
9.8CVSS
7.3AI Score
0.005EPSS
go is vulnerable to Argument Injection. Running "go get" or any intrusted code on a malicious module may execute arbitrary code at build...
9.8CVSS
7.7AI Score
0.005EPSS
Advanced Vishing Attack Campaign “LetsCall” Targets Andriod Users
By Deeba Ahmed In a newly detected muli-stage vishing campaign attackers are using an advanced toolset dubbed LetsCall, featuring strong evasion tactics. This is a post from HackRead.com Read the original post: Advanced Vishing Attack Campaign "LetsCall" Targets Andriod...
7AI Score
Critical: go-toolset and golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) ...
9.8CVSS
8.4AI Score
0.005EPSS
go-toolset and golang security update
An update is available for go-toolset, golang. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming language tools and...
9.8CVSS
8.1AI Score
0.005EPSS
Rocky Linux 9 : go-toolset and golang (RLSA-2023:3923)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3923 advisory. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which...
9.8CVSS
9.5AI Score
0.005EPSS
Vishing Goes High-Tech: New 'Letscall' Malware Employs Voice Traffic Routing
Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as "Letscall." This technique is currently targeting individuals in South Korea. The criminals behind "Letscall" employ a multi-step attack to deceive victims into downloading malicious apps...
6.7AI Score
Oracle Linux 9 : go-toolset / and / golang (ELSA-2023-3923)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3923 advisory. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which...
9.8CVSS
9.5AI Score
0.005EPSS
go-toolset and golang security update
golang [1.19.10-1.0.1] - New Go version 1.19.10 [CVE-2023-29402] [CVE-2023-29403] [CVE-2023-29404] [CVE-2023-29405] go-toolset [1.19.10-1.0.1] - New Go version 1.19.10 [CVE-2023-29402] [CVE-2023-29403] [CVE-2023-29404] ...
9.8CVSS
7.1AI Score
0.005EPSS
go-toolset:ol8 security update
delve [1.9.1-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.9.1-1] - Rebase to 1.9.1 - Related: rhbz#2131026 golang [1.19.10-1.0.1] - New Go version 1.19.10 [CVE-2023-29402] [CVE-2023-29403] [CVE-2023-29404] [CVE-2023-29405] go-toolset [1.19.10-1.0.1] - Update for...
9.8CVSS
7.1AI Score
0.005EPSS
Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-3922)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3922 advisory. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which...
9.8CVSS
9.5AI Score
0.005EPSS