clipass (=0.1.0), clipperd (>=0.1.1 <=0.1.5) +15 more potentially affected by unknown CVE via magic-crypt (=3.1.13)

magic-crypt CARGO version =3.1.13 is affected by a known vulnerability. The following packages have a transitive dependency on magic-crypt and may be impacted: - clipass =0.1.0 - clipperd =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.19.7, =0.35.0 and...

[SECURITY] Fedora 38 Update: golang-github-nats-io-streaming-server-0.25.6-1.fc38

NATS Streaming is an extremely performant, lightweight reliable streaming platform built on NATS...

Fedora: Security Advisory for mvfst (FEDORA-2023-17efd3f2cd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Code injection

go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. When feeding untrusted user input into the size parameter of NewBitfield and FromBytes functions, an attacker can trigger panics. This happen when the size is a not a multiple of 8...

CVE-2023-23626

The CVE-2023-23626 issue affects go-bitfield, a Go bitfield package. The vulnerability arises when untrusted input is passed to the size parameter of NewBitfield and FromBytes, causing panics if size is negative or not a multiple of 8. Public advisories note this condition and recommend upgrading...

Fedora: Security Advisory for golang-github-francoispqt-gojay (FEDORA-2022-ea8f4e232d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-github-francoispqt-gojay-1.2.13-6.fc36

GoJay is a performant JSON encoder/decoder for Golang currently the most performant, see benchmarks. It has a simple API and doesn't use reflection. It relies on small interfaces to decode/encode structures and slices. Gojay also comes with powerful stream decoding features and an even faster...

Finshir - A Coroutines-Driven Low And Slow Traffic Sender, Written In Rust

You are seeing a high-performant, coroutines-driven, and fully customisable implementation of Low & Slow load generator designed for real-world pentesting. You can easily torify/proxify it using various platform-dependent utilities. Demonstration Advantages Coroutines-driven. Finshir uses...

A Go implementation of Poly1305 that makes sense

Poly1305 is a Message Authentication Code--a cryptographic primitive for authenticating a message with a shared secret key, like HMAC. Although its really a fraction of the complexity of e.g. elliptic curves, most of the implementations Ive read look decidedly like magic, mysteriously multiplying...

osquery Command And Control: Kolide

osquery Command And Control Kolide is an agentless osquery web interface and remote api server. Kolide uses the osquery remote apis to do ad-hoc distributed queries, osqueryd configurations and the collection and processing of scheduled queries packs. Kolide was designed to be extremely portable ...