DEBIAN-CVE-2023-29404

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

AZL-27122 CVE-2023-29402 affecting package msft-golang for versions less than 1.19.10-1

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

AZL-37329 CVE-2023-29402 affecting package golang for versions less than 1.21.6-1

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

DEBIAN-CVE-2023-29402

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

AZL-27111 CVE-2023-29402 affecting package golang for versions less than 1.20.7-1

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

UBUNTU-CVE-2023-29405

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. Flags containing...

UBUNTU-CVE-2023-29402

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

CVE-2023-29402 Code injection via go command with cgo in cmd/go

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

CVE-2023-29402

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

SUSE CVE-2023-29402

The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved...

SUSE CVE-2023-29404

The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "cgo LDFLAGS" directive. The arguments for a...

Mitsubishi Electric MELSEC iQ-R Series/iQ-F Series (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Equipment : MELSEC iQ-R Series/iQ-F Series EtherNet/IP Modules and EtherNet/IP Configuration Tool Vulnerabilities: Weak Password Requirements, Use of Hard-coded Credentials, Missin...

USN-6112-2: Perl vulnerability

USN-6112-1 fixed vulnerabilities in Perl. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. Original advisory details: It was discovered that Perl was not properly verifying TLS certificates when using CPAN together with...

CVE-2023-0635

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux 2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules, ABB Ltd. NEXUS Series on NEXUS Series, Linux 2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021,...

CVE-2023-0636 Remote Code Execution via Command Injection

Improper Input Validation vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux 2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules, ABB Ltd. NEXUS Series on NEXUS Series, Linux 2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021,...

CVE-2023-0635

ABB ASPECT-family devices (ASPECT-Enterprise, NEXUS Series, MATRIX Series) are affected by an unauthenticated OS command injection that enables remote code execution via networkDiagAjax.php (host param). Zero Science Lab cites affected firmware

MAAD-AF - MAAD Attack Framework - An Attack Tool For Simple, Fast And Effective Security Testing Of M365 And Azure AD

MAAD-AF is an open-source cloud attack tool developed for testing security of Microsoft 365 & Azure AD environments through adversary emulation. MAAD-AF provides security practitioners easy to use attack modules to exploit configurations across different M365/AzureAD cloud-based tools & services...

CVE-2023-2061 Authentication bypass vulnerability in MELSEC iQ-R Series / iQ-F Series EtherNet/IP Modules

Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via F...

SUSE CVE-2023-33966

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and denoruntime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules...

GHSA-VC52-GWM3-8V2F Missing "--allow-net" permission check for built-in Node modules

Impact Outbound HTTP requests made using the built-in "node:http" or "node:https" modules are incorrectly not checked against the network permission allow list --allow-net. Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0...