Important: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

go-toolset:rhel8 security and bug fix update

An update is available for delve, golang, go-toolset. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming language tools and...

Important: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http: limit growth of header canonicalization cache CVE-2021-44716 golang: syscall: don't close fd 0 on ForkExec error CVE-2021-44717 For more details about the...

ALSA-2021:5160 Important: go-toolset:rhel8 security and bug fix update

Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http: limit growth of header canonicalization cache CVE-2021-44716 golang: syscall: don't close fd 0 on ForkExec error CVE-2021-44717 For more details about the...

RHEL 8 : go-toolset:rhel8 (RHSA-2021:5160)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5160 advisory. Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: net/http:...

Google Golang 资源管理错误漏洞

Google Golang is a static, strongly typed, compiled language from Google.The syntax of Go is close to C, but with differences in variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

go -- multiple vulnerabilities

The Go project reports: net/http: limit growth of header canonicalization cache. An attacker can cause unbounded memory growth in a Go server accepting HTTP/2 requests. syscall: don’t close fd 0 on ForkExec error. When a Go program running on a Unix system is out of file descriptors and calls...

RHEL 6 : kernel (RHSA-2021:0181)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0181 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: Kernel: x8632: BUG in syscall auditing...

glibc security update

2.28-164.0.1 - Merge of RH patches for ol8-u5 beta release Review-exception: Routine merge - Provide glibc.pthread.mutexspincount tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for...

Privilege Escalation

webkit2gtk is vulnerable to privilege escalation. The vulnerability exists due to a VFS syscalls that manipulate its filesystem namespace that allows an attacker to escalate its privilege...

Direct windows syscall evasion technique

This module allows you to generate a Windows EXE that evades Host-based security products such as EDR/AVs. It uses direct windows syscalls to achieve stealthiness, and avoid EDR hooking. please try to use payloads that use a more secure transfer channel such as HTTPS or RC4 in order to avoid...

Fix of CVE: CVE-2021-34693, CVE-2021-20292, CVE-2021-28972, CVE-2021-20265, CVE-2021-32399, CVE-2014-4508, CVE-2021-3612, CVE-2021-3178, CVE-2021-37159, CVE-2021-38205, CVE-2021-3573, CVE-2021-38160

ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcmmsghead - ELSCVE-705: CVE-2021-38160: virtioconsole: Assure used length from device is limited - ELSCVE-769: CVE-2014-4508: x8632, entry: Do syscall exit work on badsys CVE-2014-4508 - ELSCVE-844: CVE-2021-3573: Bluetooth: use...

CLSA-2021-1632262269 Fix of CVE: CVE-2021-34693, CVE-2021-20292, CVE-2021-28972, CVE-2021-20265, CVE-2021-32399, CVE-2014-4508, CVE-2021-3612, CVE-2021-3178, CVE-2021-37159, CVE-2021-38205, CVE-2021-3573, CVE-2021-38160

ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcmmsghead - ELSCVE-705: CVE-2021-38160: virtioconsole: Assure used length from device is limited - ELSCVE-769: CVE-2014-4508: x8632, entry: Do syscall exit work on badsys CVE-2014-4508 - ELSCVE-844: CVE-2021-3573: Bluetooth: use...

Google Asylo memory read vulnerability

Google Asylo is a framework for developing trusted applications from Google, a US-based company. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation.Google Asylo in version 0.6.1 has a memory read vulnerability vulnerability...

Input validation

An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asy...

CVE-2021-22552 Memory overread secure enclave in Asylo 0.6.2

An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asy...

CVE-2021-22552

The CVE-2021-22552 entry concerns Google Asylo up to version 0.6.1, where an untrusted memory read vulnerability exists. The issue arises when an attacker can pass a syscall number in MessageReader, which is then used by sysno() and can bypass validation, enabling memory reads from within the sec...

Google Asylo 缓冲区错误漏洞

Google Asylo is a framework for developing trusted applications from Google, a US-based company. The software supports the creation of a trusted execution environment, including software isolation and hardware isolation.Google Asylo in version 0.6.1 has a memory read vulnerability vulnerability...

CVE-2017-5715

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

Linux/x86 Bindshell With Dynamic Port Binding Shellcode (102 bytes)

Exploit Title: Linux/x86 - bindshell with dynamic shellcode port binding size: 102 bytes Exploit Author: d7x Tested on: Ubuntu x86 / x86 bindshell with dynamic shellcode port binding size: 102 bytes tested on Ubuntu 12.04 LTS Author: d7x https://d7x.promiselabs.net/ https://www.promiselabs.net/ /...