AlmaLinux 9 : go-toolset and golang (ALSA-2023:3923)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3923 advisory. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses...
9.8CVSS
9.5AI Score
0.005EPSS
North Korean Hacker Group Andariel Strikes with New EarlyRat Malware
The North Korea-aligned threat actor known as Andariel leveraged a previously undocumented malware called EarlyRat in phishing attacks, adding another piece to the group's wide-ranging toolset. "Andariel infects machines by executing a Log4j exploit, which, in turn, downloads further malware from...
7.4AI Score
(RHSA-2023:3923) Critical: go-toolset and golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) ...
9.8AI Score
0.005EPSS
(RHSA-2023:3922) Critical: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: cmd/go: go command may execute arbitrary code at build time...
9.8AI Score
0.005EPSS
(RHSA-2023:3920) Critical: go-toolset-1.19 and go-toolset-1.19-golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: cmd/go: go command may execute arbitrary code at build time...
9.8AI Score
0.005EPSS
RHEL 9 : go-toolset and golang (RHSA-2023:3923)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3923 advisory. golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: runtime: unexpected...
9.8CVSS
9.9AI Score
0.005EPSS
RHEL 7 : go-toolset-1.19 and go-toolset-1.19-golang (RHSA-2023:3920)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3920 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): * golang:...
9.8CVSS
9.8AI Score
0.005EPSS
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:3922)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3922 advisory. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses...
9.8CVSS
9.5AI Score
0.005EPSS
Critical: go-toolset and golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)...
9.8CVSS
8.4AI Score
0.005EPSS
CentOS 8 : go-toolset:rhel8 (CESA-2023:3922)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:3922 advisory. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which...
9.8CVSS
9.6AI Score
0.005EPSS
Critical: go-toolset and golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402)...
9.8CVSS
9.8AI Score
0.005EPSS
Critical: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: cmd/go: go command may execute arbitrary code at build time...
9.8CVSS
9.8AI Score
0.005EPSS
Critical: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: cmd/go: go command may execute arbitrary code at build time...
9.8CVSS
8.4AI Score
0.005EPSS
RHEL 8 : go-toolset:rhel8 (RHSA-2023:3922)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3922 advisory. golang: cmd/go: go command may generate unexpected code at build time when using cgo (CVE-2023-29402) golang: runtime: unexpected...
9.8CVSS
9.8AI Score
0.005EPSS
Autodesk Maya, a 3D animation and visual effects toolset, is installed on the remote Windows...
7AI Score
State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments
Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. "The main goal of the attacks was to obtain highly confidential and...
8.4AI Score
ChamelDoH: New Linux Backdoor Utilizing DNS-over-HTTPS Tunneling for Covert CnC
The threat actor known as ChamelGang has been observed using a previously undocumented implant to backdoor Linux systems, marking a new expansion of the threat actor's capabilities. The malware, dubbed ChamelDoH by Stairwell, is a C++-based tool for communicating via DNS-over-HTTPS (DoH)...
7AI Score
Operation Triangulation: Zero-Click iPhone Malware
Kaspersky is reporting a zero-click iOS exploit in the wild: Mobile device backups contain a partial copy of the filesystem, including some of the user data and service databases. The timestamps of the files, folders and the database records allow to roughly reconstruct the events happening to...
7.3AI Score
TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct...
5.8CVSS
5.1AI Score
0.001EPSS
TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct...
5.8CVSS
6.9AI Score
0.001EPSS
TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct...
5.3CVSS
5.5AI Score
0.001EPSS
TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct...
5.3CVSS
5.2AI Score
0.001EPSS
CVE-2023-34243 Windows user name disclosure in TGstation
TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct...
5.8CVSS
5.7AI Score
0.001EPSS
New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware
A previously unknown advanced persistent threat (APT) is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with...
7.1AI Score
Operation Triangulation: iOS devices targeted with previously unknown malware
While monitoring the network traffic of our own corporate Wi-Fi network dedicated for mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), we noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS...
7AI Score
CISA issues warning to US businesses: Beware of China's state-sponsored cyber actor
The US Cybersecurity and Infrastructure Security Agency (CISA) has an urgent message for US businesses: watch out for Volt Typhoon, a threat actor sponsored by the People's Republic of China (PRC). The agency's joint Cybersecurity Advisory (CSA) published last week highlights a cluster of tactics,...
7.1AI Score
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...
7.7CVSS
6.5AI Score
0.001EPSS
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...
6.5CVSS
7.3AI Score
0.001EPSS
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...
7.7CVSS
6.2AI Score
0.001EPSS
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...
6.5CVSS
6.2AI Score
0.001EPSS
CVE-2023-32687 Insufficiently Protected ChatBot Credentials in tgstation-server
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...
7.7CVSS
7.5AI Score
0.001EPSS
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:3319)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3319 advisory. Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \t...
9AI Score
0.003EPSS
go-toolset:Rocky Linux8 security update
An update is available for module.go-toolset, golang, module.golang, go-toolset, module.delve. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset...
9.8CVSS
6.8AI Score
0.003EPSS
Important: go-toolset:Rocky Linux8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about the security issue(s), including the impact, a CVSS score,...
9.8CVSS
6.8AI Score
0.003EPSS
Fetch Payloads: A Shorter Path from Command Injection to Metasploit Session
Over the last year, two-thirds of the exploit modules added to Metasploit Framework have targeted command injection vulnerabilities (CWE-94: Improper Control of Generation of Code). In the process of helping new and existing open-source contributors learn how to use Metasploit’s command stager...
8.1AI Score
(RHSA-2023:3323) Important: go-toolset-1.19 and go-toolset-1.19-golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) golang: go/parser: Infinite loop in parsing (CVE-2023-24537) golang: html/template:...
6.9AI Score
0.003EPSS
(RHSA-2023:3319) Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about the security issue(s), including the impact, a CVSS score,...
6.9AI Score
0.005EPSS
(RHSA-2023:3318) Important: go-toolset and golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about...
9.2AI Score
0.005EPSS
RHEL 9 : go-toolset and golang (RHSA-2023:3318)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3318 advisory. golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532) golang: net/http,...
8.6AI Score
0.005EPSS
Important: go-toolset and golang security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about...
9.8CVSS
6.9AI Score
0.003EPSS
go-toolset:ol8 security and bug fix update
delve [1.9.1-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.9.1-1] - Rebase to 1.9.1 - Related: rhbz#2131026 golang [1.19.6-1] - Rebase to Go 1.19.6 - Resolves: rhbz#2174430 [1.19.4-2] - Fix memory leaks in EVP_{sign,verify}_raw - Resolves: rhbz#2132767 go-toolset...
7.5CVSS
7AI Score
0.001EPSS
go-toolset:ol8 security update
delve [1.9.1-1.0.1] - Disable DWARF compression which has issues (Alex Burmashev) [1.9.1-1] - Rebase to 1.9.1 - Related: rhbz#2131026 golang [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204473 go-toolset [1.19.9-1] - Rebase to Go 1.19.9 - Resolves:...
9.8CVSS
7.1AI Score
0.003EPSS
Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-3319)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3319 advisory. Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \t...
8.9AI Score
0.003EPSS
Oracle Linux 8 : go-toolset:ol8 (ELSA-2023-3083)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-3083 advisory. A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with...
6.8AI Score
0.001EPSS
AlmaLinux 9 : go-toolset and golang (ALSA-2023:3318)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:3318 advisory. Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \t...
9AI Score
0.003EPSS
Rocky Linux 8 : go-toolset:Rocky Linux8 (RLSA-2023:3319)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3319 advisory. Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \t...
9.7AI Score
0.003EPSS
RHEL 8 : go-toolset:rhel8 (RHSA-2023:3319)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3319 advisory. golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results (CVE-2023-24532) golang: net/http,...
8.6AI Score
0.005EPSS
go-toolset and golang security update
golang [1.19.9-2] - Fix TestEncryptOAEP and TLS failures in FIPS mode - Resolves: rhbz#2204476 [1.19.9-1] - Rebase to Go 1.19.9 - Resolves: rhbz#2204476 go-toolset [1.19.9-1] - Update to Go 1.19.9 - Related:...
9.8CVSS
7.1AI Score
0.003EPSS
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fix(es): golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about the security issue(s), including the impact, a CVSS score,...
9.8CVSS
7.1AI Score
0.003EPSS
RHEL 7 : go-toolset-1.19 and go-toolset-1.19-golang (RHSA-2023:3323)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3323 advisory. golang: go/parser: Infinite loop in parsing (CVE-2023-24537) golang: html/template: backticks not treated as string delimiters...
9.4AI Score
0.003EPSS