Engineer's Toolset Security Vulnerabilities

AlmaLinux 9 : go-toolset and golang (ALSA-2023:3923)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3923 advisory. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses...

North Korean Hacker Group Andariel Strikes with New EarlyRat Malware

The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in phishing attacks, adding another piece to the group's wide-ranging toolset. "Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from.....

(RHSA-2023:3923) Critical: go-toolset and golang security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) ...

(RHSA-2023:3922) Critical: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: cmd/go: go command may execute arbitrary code at build time...

(RHSA-2023:3920) Critical: go-toolset-1.19 and go-toolset-1.19-golang security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: cmd/go: go command may execute arbitrary code at build time...

RHEL 9 : go-toolset and golang (RHSA-2023:3923)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3923 advisory. golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: runtime: unexpected...

RHEL 7 : go-toolset-1.19 and go-toolset-1.19-golang (RHSA-2023:3920)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3920 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:3922)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3922 advisory. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses...

Critical: go-toolset and golang security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)...

CentOS 8 : go-toolset:rhel8 (CESA-2023:3922)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:3922 advisory. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which...

Critical: go-toolset and golang security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)...

Critical: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: cmd/go: go command may execute arbitrary code at build time...

Critical: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: cmd/go: go command may execute arbitrary code at build time...

RHEL 8 : go-toolset:rhel8 (RHSA-2023:3922)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3922 advisory. golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: runtime: unexpected...

Autodesk Maya Installed

Autodesk Maya, a 3D animation and visual effects toolset, is installed on the remote Windows...

State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. "The main goal of the attacks was to obtain highly confidential and...

ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC

The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH)...

Operation Triangulation: Zero-Click iPhone Malware

Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to...

CVE-2023-34243

TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct...

CVE-2023-34243

TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct...

CVE-2023-34243

TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct...

Code injection

TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct...

CVE-2023-34243 Windows user name disclosure in TGstation

TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct...

New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with...

Operation Triangulation: iOS devices targeted with previously unknown malware

While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS...

CISA issues warning to US businesses: Beware of China's state-sponsored cyber actor

The US Cybersecurity and Infrastructure Security Agency (CISA) has an urgent message for US businesses: watch out for Volt Typhoon, a threat actor sponsored by the People's Republic of China (PRC). The agency's joint Cybersecurity Advisory (CSA) published last week highlights a cluster of tactics,....

CVE-2023-32687

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...

CVE-2023-32687

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...

CVE-2023-32687

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...

Code injection

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...

CVE-2023-32687 Insufficiently Protected ChatBot Credentials in tgstation-server

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:3319)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3319 advisory. Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \t...

go-toolset:Rocky Linux8 security update

An update is available for module.go-toolset, golang, module.golang, go-toolset, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...

Important: go-toolset:Rocky Linux8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about the security issue(s), including the impact, a CVSS score,...

Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session

Over the last year, two-thirds of the exploit modules added to Metasploit Framework have targeted command injection vulnerabilities (CWE-94: Improper Control of Generation of Code). In the process of helping new and existing open-source contributors learn how to use Metasploit’s command stager...

(RHSA-2023:3323) Important: go-toolset-1.19 and go-toolset-1.19-golang security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) golang: go/parser: Infinite loop in parsing (CVE-2023-24537) golang: html/template:...

(RHSA-2023:3319) Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about the security issue(s), including the impact, a CVSS score,...

(RHSA-2023:3318) Important: go-toolset and golang security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about...

RHEL 9 : go-toolset and golang (RHSA-2023:3318)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3318 advisory. golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532) golang: net/http,...

Important: go-toolset and golang security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about...

go-toolset:ol8 security and bug fix update

delve [1.9.1-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.9.1-1] - Rebase to 1.9.1 - Related: rhbz#2131026 golang [1.19.6-1] - Rebase to Go 1.19.6 - Resolves: rhbz#2174430 [1.19.4-2] - Fix memory leaks in EVP_{sign,verify}_raw - Resolves: rhbz#2132767 go-toolset...

go-toolset:ol8 security update

delve [1.9.1-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.9.1-1] - Rebase to 1.9.1 - Related: rhbz#2131026 golang [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204473 go-toolset [1.19.9-1] - Rebase to Go 1.19.9 - Resolves:...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-3319)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3319 advisory. Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \t...

Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-3083)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3083 advisory. A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with...

AlmaLinux 9 : go-toolset and golang (ALSA-2023:3318)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3318 advisory. Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \t...

Rocky Linux 8 : go-toolset:Rocky Linux8 (RLSA-2023:3319)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3319 advisory. Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \t...

RHEL 8 : go-toolset:rhel8 (RHSA-2023:3319)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3319 advisory. golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532) golang: net/http,...

go-toolset and golang security update

golang [1.19.9-2] - Fix TestEncryptOAEP and TLS failures in FIPS mode - Resolves: rhbz#2204476 [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204476 go-toolset [1.19.9-1] - Update to Go 1.19.9 - Related:...

Important: go-toolset:rhel8 security update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about the security issue(s), including the impact, a CVSS score,...

RHEL 7 : go-toolset-1.19 and go-toolset-1.19-golang (RHSA-2023:3323)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3323 advisory. golang: go/parser: Infinite loop in parsing (CVE-2023-24537) golang: html/template: backticks not treated as string delimiters...