<!DOCTYPE html> <html lang="en"> <head> <title>Open Source Security Mailing List</title> <link rel="alternate" type="application/rss+xml" title="RSS" href="https://seclists.org/rss/oss-sec.rss"> <meta name="description" content="SecLists.org archive for the Open Source Security mailing list: Discussion of security flaws, concepts, and practices in the Open Source community"> <link rel="canonical" href="https://seclists.org/oss-sec/"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="theme-color" content="#2A0D45"> <link rel="preload" as="image" href="/images/sitelogo.png" imagesizes="168px" imagesrcset="/images/sitelogo.png, /images/sitelogo-2x.png 2x"> <link rel="preload" as="image" href="/shared/images/nst-icons.svg"> <link rel="stylesheet" href="/shared/css/nst.css?v=2"> <script async src="/shared/js/nst.js?v=2"></script> <link rel="stylesheet" href="/shared/css/nst-foot.css?v=2" media="print" onload="this.media='all'"> <link rel="stylesheet" href="/site.css"> <!--Google Analytics Code--> <link rel="preload" href="https://www.google-analytics.com/analytics.js" as="script"> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-11009417-1', 'auto'); ga('send', 'pageview'); </script> <!--END Google Analytics Code--> <META NAME="ROBOTS" CONTENT="NOARCHIVE"> <link rel="shortcut icon" href="/shared/images/tiny-eyeicon.png" type="image/png"> </head> <body><div id="nst-wrapper"> <div id="menu"> <div class="blur"> <header id="nst-head"> <a id="menu-open" href="#menu" aria-label="Open menu"> <img width="44" height="44" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#menu"> </a> <a id="menu-close" href="#" aria-label="Close menu"> <img width="44" height="44" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#close"> </a> <a id="nst-logo" href="/" aria-label="Home page"> <img alt="Home page logo" srcset="/images/sitelogo.png, /images/sitelogo-2x.png 2x" src="/images/sitelogo.png" onerror="this.onerror=null;this.srcset=this.src" height=90 width=168></a> <nav id="nst-gnav"> <a class="nlink" href="https://nmap.org/">Nmap.org</a> <a class="nlink" href="https://npcap.com/">Npcap.com</a> <a class="nlink" href="https://seclists.org/">Seclists.org</a> <a class="nlink" href="https://sectools.org">Sectools.org</a> <a class="nlink" href="https://insecure.org/">Insecure.org</a> </nav> <form class="nst-search" id="nst-head-search" action="/search/"> <input class="nst-search-q" name="q" type="search" placeholder="Site Search"> <button class="nst-search-button" title="Search"> <img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search"> </button> </form> </header> </div> </div> <main id="nst-content"> <img src="/images/oss-sec-logo.png" width="80" class="l-logo right" alt="oss-sec logo"><h1 class="list-title">Open Source Security Mailing List</h1><ul class="inline"><li class="first"><a href="/oss-sec/2024/q4/index.html"><img src="/images/current-icon-16x16.png" width=16 height=16 alt="Current period icon">Current Quarter</a> <li><a href="/rss/oss-sec.rss"><img src="/images/feed-icon-16x16.png" width=16 height=16 alt="RSS icon">RSS Feed</a> <li><a href="http://oss-security.openwall.org/wiki/mailing-lists/oss-security"><img src="/images/about-icon-16x16.png" width=16 height=16 alt="About icon">About List</a> <li><a href="/"><img src="/images/up-icon-16x16.png" width=16 height=16 alt="Up icon">All Lists</a> </ul> <p class="l-abstract">Discussion of security flaws, concepts, and practices in the Open Source community</p> <form class="nst-search center" action="/search/oss-sec"> <input class="nst-search-q" name="q" type="search" placeholder="List Archive Search"> <button class="nst-search-button" title="Search"> <img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search"> </button> </form> <h2>List Archives</h2> <ul class="calendar Quarterly"> <li class="period">Jan&ndash;Mar<li class="period">Apr&ndash;Jun<li class="period">Jul&ndash;Sep<li class="period">Oct&ndash;Dec<li class="year">2024<li class="q1"><a href="/oss-sec/2024/q1/">358</a> <li class="q2"><a href="/oss-sec/2024/q2/">314</a> <li class="q3"><a href="/oss-sec/2024/q3/">293</a> <li class="q4"><a href="/oss-sec/2024/q4/">124</a> <li class="year">2023<li class="q1"><a href="/oss-sec/2023/q1/">220</a> <li class="q2"><a href="/oss-sec/2023/q2/">284</a> <li class="q3"><a href="/oss-sec/2023/q3/">269</a> <li class="q4"><a href="/oss-sec/2023/q4/">356</a> <li class="year">2022<li class="q1"><a href="/oss-sec/2022/q1/">212</a> <li class="q2"><a href="/oss-sec/2022/q2/">220</a> <li class="q3"><a href="/oss-sec/2022/q3/">239</a> <li class="q4"><a href="/oss-sec/2022/q4/">273</a> <li class="year">2021<li class="q1"><a href="/oss-sec/2021/q1/">281</a> <li class="q2"><a href="/oss-sec/2021/q2/">236</a> <li class="q3"><a href="/oss-sec/2021/q3/">193</a> <li class="q4"><a href="/oss-sec/2021/q4/">182</a> <li class="year">2020<li class="q1"><a href="/oss-sec/2020/q1/">131</a> <li class="q2"><a href="/oss-sec/2020/q2/">219</a> <li class="q3"><a href="/oss-sec/2020/q3/">211</a> <li class="q4"><a href="/oss-sec/2020/q4/">241</a> <li class="year">2019<li class="q1"><a href="/oss-sec/2019/q1/">199</a> <li class="q2"><a href="/oss-sec/2019/q2/">237</a> <li class="q3"><a href="/oss-sec/2019/q3/">257</a> <li class="q4"><a href="/oss-sec/2019/q4/">176</a> <li class="year">2018<li class="q1"><a href="/oss-sec/2018/q1/">287</a> <li class="q2"><a href="/oss-sec/2018/q2/">256</a> <li class="q3"><a href="/oss-sec/2018/q3/">284</a> <li class="q4"><a href="/oss-sec/2018/q4/">279</a> <li class="year">2017<li class="q1"><a href="/oss-sec/2017/q1/">701</a> <li class="q2"><a href="/oss-sec/2017/q2/">658</a> <li class="q3"><a href="/oss-sec/2017/q3/">596</a> <li class="q4"><a href="/oss-sec/2017/q4/">437</a> <li class="year">2016<li class="q1"><a href="/oss-sec/2016/q1/">738</a> <li class="q2"><a href="/oss-sec/2016/q2/">637</a> <li class="q3"><a href="/oss-sec/2016/q3/">689</a> <li class="q4"><a href="/oss-sec/2016/q4/">788</a> <li class="year">2015<li class="q1"><a href="/oss-sec/2015/q1/">1068</a> <li class="q2"><a href="/oss-sec/2015/q2/">839</a> <li class="q3"><a href="/oss-sec/2015/q3/">658</a> <li class="q4"><a href="/oss-sec/2015/q4/">618</a> <li class="year">2014<li class="q1"><a href="/oss-sec/2014/q1/">714</a> <li class="q2"><a href="/oss-sec/2014/q2/">711</a> <li class="q3"><a href="/oss-sec/2014/q3/">886</a> <li class="q4"><a href="/oss-sec/2014/q4/">1185</a> <li class="year">2013<li class="q1"><a href="/oss-sec/2013/q1/">777</a> <li class="q2"><a href="/oss-sec/2013/q2/">648</a> <li class="q3"><a href="/oss-sec/2013/q3/">688</a> <li class="q4"><a href="/oss-sec/2013/q4/">583</a> <li class="year">2012<li class="q1"><a href="/oss-sec/2012/q1/">815</a> <li class="q2"><a href="/oss-sec/2012/q2/">578</a> <li class="q3"><a href="/oss-sec/2012/q3/">591</a> <li class="q4"><a href="/oss-sec/2012/q4/">549</a> <li class="year">2011<li class="q1"><a href="/oss-sec/2011/q1/">640</a> <li class="q2"><a href="/oss-sec/2011/q2/">738</a> <li class="q3"><a href="/oss-sec/2011/q3/">550</a> <li class="q4"><a href="/oss-sec/2011/q4/">591</a> <li class="year">2010<li class="q1"><a href="/oss-sec/2010/q1/">291</a> <li class="q2"><a href="/oss-sec/2010/q2/">376</a> <li class="q3"><a href="/oss-sec/2010/q3/">465</a> <li class="q4"><a href="/oss-sec/2010/q4/">383</a> <li class="year">2009<li class="q1"><a href="/oss-sec/2009/q1/">250</a> <li class="q2"><a href="/oss-sec/2009/q2/">264</a> <li class="q3"><a href="/oss-sec/2009/q3/">272</a> <li class="q4"><a href="/oss-sec/2009/q4/">304</a> <li class="year">2008<li class="q1"><a href="/oss-sec/2008/q1/">206</a> <li class="q2"><a href="/oss-sec/2008/q2/">390</a> <li class="q3"><a href="/oss-sec/2008/q3/">402</a> <li class="q4"><a href="/oss-sec/2008/q4/">358</a> </ul> <h2>Latest Posts</h2> <!-- MHonArc v2.6.19 --> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/123">Re: Local Privilege Escalations in needrestart</a></strong> <em>Mark Esler (Nov 26)</em><br> The security fix for CVE-2024-48991, 6ce6136 (“core: prevent race<br> condition on /proc/$PID/exec evaluation”) [0], introduced a regression<br> which was subsequently fixed 42af5d3 (&quot;core: fix regression of false<br> positives for processes running in chroot or mountns (#317)&quot;) [1].<br> <br> Many thanks to Ivan Kurnosov and Salvatore Bonaccorso for their review.<br> <br> [0] <a rel="nofollow" href="https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59">https://github.com/liske/needrestart/commit/6ce6136cccc307c6b8a0f8cae12f9a22ac2aad59</a>...<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/122">CVE-2024-51569: Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in Number of Completed Packets HCI event handler</a></strong> <em>Szymon Janc (Nov 26)</em><br> Severity: low<br> <br> Affected versions:<br> <br> - Apache NimBLE through 1.7.0<br> <br> Description:<br> <br> Out-of-bounds Read vulnerability in Apache NimBLE.<br> <br> Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event <br> and invalid read from HCI transport memory.<br> This issue requires broken or bogus Bluetooth controller and thus severity is considered low.<br> This issue affects Apache NimBLE: through 1.7.0.<br> <br> Users are...<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/121">CVE-2024-47250: Apache NimBLE: Lack of input validation in HCI advertising report could lead to potential out-of-bound access</a></strong> <em>Szymon Janc (Nov 26)</em><br> Severity: low<br> <br> Affected versions:<br> <br> - Apache NimBLE through 1.7.0<br> <br> Description:<br> <br> Out-of-bounds Read vulnerability in Apache NimBLE.<br> <br> Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus <br> bogus GAP &apos;device found&apos; events being sent.<br> This issue requires broken or bogus Bluetooth controller and thus severity is considered low.<br> This issue affects Apache NimBLE: through 1.7.0....<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/120">CVE-2024-47249: Apache NimBLE: Lack of input sanitization leading to out-of-bound reads in multiple advertisement handler</a></strong> <em>Szymon Janc (Nov 26)</em><br> Severity: low<br> <br> Affected versions:<br> <br> - Apache NimBLE through 1.7.0<br> <br> Description:<br> <br> Improper Validation of Array Index vulnerability in Apache NimBLE.<br> <br> Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash.<br> This issue requires broken or bogus Bluetooth controller and thus severity is considered low.<br> This issue affects Apache NimBLE: through 1.7.0.<br> <br> Users are recommended to upgrade to version...<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/119">CVE-2024-47248: Apache NimBLE: Buffer overflow in NimBLE MESH Bluetooth stack</a></strong> <em>Szymon Janc (Nov 26)</em><br> Severity: important<br> <br> Affected versions:<br> <br> - Apache NimBLE through 1.7.0<br> <br> Description:<br> <br> Buffer Copy without Checking Size of Input (&apos;Classic Buffer Overflow&apos;) vulnerability in Apache NimBLE.<br> <br> Specially crafted MESH message could result in memory corruption when non-default build configuration is used.<br> This issue affects Apache NimBLE: through 1.7.0.<br> <br> Users are recommended to upgrade to version 1.8.0, which fixes the issue.<br> <br> Credit:<br> <br> Wei...<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/118">Re: Article: State of Sandboxing in Linux</a></strong> <em>Ali Polatel (Nov 25)</em><br> Your argument makes no sense and makes me believe you&apos;re either ignorant<br> or borderline trolling, however I&apos;ll try one last time:<br> <br> Here is a comprehensive list of technologies that sydbox uses:<br> 1. seccomp-bpf<br> 2. seccomp-unotify<br> 3. landlock<br> 4. namespaces (including user namespaces)<br> 5. ptrace<br> 6. MDWE<br> <br> Out of the technologies listed above only ptrace is considerably<br> older to the point you can consider it &quot;pre-containerization&quot;....<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/117">Re: Article: State of Sandboxing in Linux</a></strong> <em>Evan Carroll (Nov 25)</em><br> Historically, there were 10,000 different ways to sandbox things. From<br> chroots, to firejails. I however don&apos;t understand why anyone would<br> entertain any of these pre-containerization methods today. That&apos;s why I&apos;m<br> questioning what&apos;s the purpose of comparing different sandboxing methods in<br> isolation of the current status quo -- containerization. Why would anyone<br> want sydbox (whatever it is) over rootless podman?<br> <br> By the way, you...<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/116">Re: Article: State of Sandboxing in Linux</a></strong> <em>Ali Polatel (Nov 25)</em><br> Thank you!<br> <br> Thank you for taking the time to explain this. It makes more sense now.<br> Hiding paths is a feature i work on sydbox as well. Our main goal with<br> this, however, is not really security, rather we want to ensure each and every<br> package build can only &quot;see&quot; the files it depends on (directly or indirectly).<br> This is going to effectively prevent automagic dependencies[1] at sandbox level<br> and bring us one step closer to hermetic builds...<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/115">Re: Article: State of Sandboxing in Linux</a></strong> <em>Ali Polatel (Nov 25)</em><br> You&apos;re comparing apples and oranges. podman is a container engine that gives<br> you isolation. You can use a sandboxing solution on top, such as gVisor or<br> syd-oci to provide a security boundary.<br> <br> I appreciate your feedback regardless. I can see how the article may have been<br> confusing for you. However that confusion stems from an important misunderstanding:<br> Namespaces provide isolation, not necessarily security.<br> <br> Best regards,<br> Ali Polatel<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/114">Re: Article: State of Sandboxing in Linux</a></strong> <em>Eli Schwartz (Nov 25)</em><br> You might want &quot;sydbox&quot;, though I wouldn&apos;t know.<br> <br> I can definitely tell you that you do not want Gentoo&apos;s sandbox, which<br> isn&apos;t a security technology at all. It&apos;s an LD_PRELOAD mechanism, and<br> thus easily defeated by malicious software, which assumes that it is<br> being used as a &quot;sandbox&quot; for innocent software that is perhaps badly<br> written to run inside, and interjects code on regular file accesses to<br> check...<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/113">Re: Article: State of Sandboxing in Linux</a></strong> <em>Evan Carroll (Nov 24)</em><br> A lot of words on that one,<br> <br> Not sure if you&apos;re the author of the paper. But off the get go, I&apos;m<br> extremely confused. I wanted to give my critique on the paper instead of<br> the technology. My experience with &quot;user-space sandboxing&quot; is kernel<br> user-namespaces. My interface to them is podman. It&apos;s not clear what this<br> &quot;sandbox&quot; offers that podman&apos;s rootless mode does not. I believe I&apos;m in the<br> majority with...<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/112">Re: Article: State of Sandboxing in Linux</a></strong> <em>Mickaël Salaün (Nov 24)</em><br> Nice article! I somehow miss this email...<br> <br> This is neither a bug nor a feature, but a current limitation<br> highlighted in the documentation:<br> <a rel="nofollow" href="https://docs.kernel.org/userspace-api/landlock.html#filesystem-flags">https://docs.kernel.org/userspace-api/landlock.html#filesystem-flags</a><br> This limitation is due to the current path-based LSM hooks (e.g. also<br> used by AppArmor and Tomoyo), but we plan to address that:<br> <a rel="nofollow" href="https://github.com/landlock-lsm/linux/issues/9">https://github.com/landlock-lsm/linux/issues/9</a><br> <br> Sandboxer tools using Landlock may mislead users to think this...<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/111">CVE-2024-45719: Apache Answer: Predictable Authorization Token Using UUIDv1</a></strong> <em>Enxin Xie (Nov 22)</em><br> Severity: important<br> <br> Affected versions:<br> <br> - Apache Answer through 1.4.0<br> <br> Description:<br> <br> Inadequate Encryption Strength vulnerability in Apache Answer.<br> <br> This issue affects Apache Answer: through 1.4.0.<br> <br> The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to <br> be predictable.<br> Users are recommended to upgrade to version 1.4.1, which fixes the issue.<br> <br> Credit:<br> <br> Chi Tran from Eevee (reporter)...<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/110">CVE-2024-52067: Apache NiFi: Potential Insertion of Sensitive Parameter Values in Debug Log</a></strong> <em>David Handermann (Nov 20)</em><br> Affected versions:<br> <br> - Apache NiFi 1.16.0 through 1.28.0<br> - Apache NiFi 2.0.0-M1 through 2.0.0-M4<br> <br> Description:<br> <br> Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context <br> values during the flow synchronization process. An authorized administrator with access to change logging levels could <br> enable debug logging for framework flow synchronization, causing the application to write Parameter...<br> </p> <p class="excerpt"> <strong><a href="https://seclists.org/oss-sec/2024/q4/109">[kubernetes] CVE-2024-10220: Arbitrary command execution through gitRepo volume</a></strong> <em>Craig Ingram (Nov 20)</em><br> Hello Kubernetes Community,<br> <br> A security vulnerability was discovered in Kubernetes that could allow a<br> user with the ability to create a pod and associate a gitRepo volume to<br> execute arbitrary commands beyond the container boundary. This<br> vulnerability leverages the hooks folder in the target repository to run<br> arbitrary commands outside of the container&apos;s boundary.<br> <br> Please note that this issue was originally publicly disclosed with a fix in...<br> </p> <!-- MHonArc v2.6.19 --> <h2>More Lists</h2> <p> Dozens of other network security lists are archived at <a href="https://seclists.org/">SecLists.Org</a>. </p> </main><!-- content --> <footer id="nst-foot"> <form class="nst-search" id="nst-foot-search" action="/search/"> <input class="nst-search-q" name="q" type="search" placeholder="Site Search"> <button class="nst-search-button" title="Search"> <img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search"> </button> </form> <div class="flexlists"> <div class="fl-unit"> <h2><a class="nlink" href="https://nmap.org/">Nmap Security Scanner</a></h2> <ul> <li><a class="nlink" href="https://nmap.org/book/man.html">Ref Guide</a> <li><a class="nlink" href="https://nmap.org/book/install.html">Install Guide</a> <li><a class="nlink" href="https://nmap.org/docs.html">Docs</a> <li><a class="nlink" href="https://nmap.org/download.html">Download</a> <li><a class="nlink" href="https://nmap.org/oem/">Nmap OEM</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://npcap.com/">Npcap packet capture</a></h2> <ul> <li><a class="nlink" href="https://npcap.com/guide/">User's Guide</a> <li><a class="nlink" href="https://npcap.com/guide/npcap-devguide.html#npcap-api">API docs</a> <li><a class="nlink" href="https://npcap.com/#download">Download</a> <li><a class="nlink" href="https://npcap.com/oem/">Npcap OEM</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://seclists.org/">Security Lists</a></h2> <ul> <li><a class="nlink" href="https://seclists.org/nmap-announce/">Nmap Announce</a> <li><a class="nlink" href="https://seclists.org/nmap-dev/">Nmap Dev</a> <li><a class="nlink" href="https://seclists.org/fulldisclosure/">Full Disclosure</a> <li><a class="nlink" href="https://seclists.org/oss-sec/">Open Source Security</a> <li><a class="nlink" href="https://seclists.org/dataloss/">BreachExchange</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://sectools.org">Security Tools</a></h2> <ul> <li><a class="nlink" href="https://sectools.org/tag/vuln-scanners/">Vuln scanners</a> <li><a class="nlink" href="https://sectools.org/tag/pass-audit/">Password audit</a> <li><a class="nlink" href="https://sectools.org/tag/web-scanners/">Web scanners</a> <li><a class="nlink" href="https://sectools.org/tag/wireless/">Wireless</a> <li><a class="nlink" href="https://sectools.org/tag/sploits/">Exploitation</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://insecure.org/">About</a></h2> <ul> <li><a class="nlink" href="https://insecure.org/fyodor/">About/Contact</a> <li><a class="nlink" href="https://insecure.org/privacy.html">Privacy</a> <li><a class="nlink" href="https://insecure.org/advertising.html">Advertising</a> <li><a class="nlink" href="https://nmap.org/npsl/">Nmap Public Source License</a> </ul> </div> <div class="fl-unit social-links"> <a class="nlink" href="https://twitter.com/nmap" title="Visit us on Twitter"> <img width="32" height="32" src="/shared/images/nst-icons.svg#twitter" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://facebook.com/nmap" title="Visit us on Facebook"> <img width="32" height="32" src="/shared/images/nst-icons.svg#facebook" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://github.com/nmap/" title="Visit us on Github"> <img width="32" height="32" src="/shared/images/nst-icons.svg#github" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://reddit.com/r/nmap/" title="Discuss Nmap on Reddit"> <img width="32" height="32" src="/shared/images/nst-icons.svg#reddit" alt="" aria-hidden="true"> </a> </div> </div> </footer> </div><!-- wrapper --> </body> </html>