Security update for irssi (moderate)

openSUSE Security Update: Security update for irssi Announcement ID: openSUSE-SU-2021:0587-1 Rating: moderate References: 1184848 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for irssi fixes the following issues: irssi...

Handlebars Remote Code Execution Vulnerability

Handlebars is a semantic Web template system. A remote code execution vulnerability exists in Handlebars versions prior to 4.7.7, which stems from Handlebars being susceptible to Remote Code Execution RCE attacks when certain compilation options are selected to compile templates from untrusted...

handlebars 安全漏洞

Handlebars is a semantic Web template system. A remote code execution vulnerability exists in Handlebars versions prior to 4.7.7, which stems from Handlebars being susceptible to Remote Code Execution RCE attacks when certain compilation options are selected to compile templates from untrusted...

OPENSUSE-SU-2021:0542-1 Security update for tpm2-tss-engine

This update for tpm2-tss-engine fixes the following issues: - Added support to disable fixed compilation flags - Added --disable-defaultflags during compilation to avoid breakage of our gcc-PIE profile resulted in non-position-independent executable tpm2-tss-genkey, bsc1183895 This update was...

SUSE SLED15 / SLES15 Security Update : tpm2-tss-engine (SUSE-SU-2021:1113-1)

This update for tpm2-tss-engine fixes the following issues : Added support to disable fixed compilation flags Added --disable-defaultflags during compilation to avoid breakage of our gcc-PIE profile resulted in non-position-independent executable tpm2-tss-genkey, bsc1183895 Note that Tenable...

SUSE-SU-2021:1113-1 Security update for tpm2-tss-engine

This update for tpm2-tss-engine fixes the following issues: - Added support to disable fixed compilation flags - Added --disable-defaultflags during compilation to avoid breakage of our gcc-PIE profile resulted in non-position-independent executable tpm2-tss-genkey, bsc1183895...

perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive Sstudychunk calls...

SYS.2.3.A5

Wenn zu installierende Software aus dem Quellcode kompiliert werden soll, DARF diese NUR unter einem unprivilegierten Benutzeraccount entpackt, konfiguriert und uebersetzt werden. Anschliessend DARF die zu installierende Software NICHT unkontrolliert in das Wurzeldateisystem des Betriebssystems...

SYS.1.3.A5

Wenn zu installierende Software aus Quellcode kompiliert werden soll, DARF diese NUR unter einem unprivilegierten Benutzeraccount entpackt, konfiguriert und uebersetzt werden. Anschliessend DARF diezu installierende Software NICHT unkontrolliert in das Wurzeldateisystem des Servers installiert...

Gargamel - A Forensic Evidence Acquirer

A Forensic Evidence Acquirer Compile Assuming you have Rust 1.41+ installed. Open terminal in the project directory and to compile a release build type cargo build --release Debug build can be compiled using cargo build Compiled executable is located at target/release/gargamel.exe or...

Apport 2.20 - Local Privilege Escalation

Exploit Title: Apport 2.20 - Local Privilege Escalation Date: 18/02/21 Exploit Author: Gr33nh4t Vendor Homepage: https://ubuntu.com/ Version: Apport: Ubuntu 20.10 - Before 2.20.11-0ubuntu50.5 Apport: Ubuntu 20.04 - Before 2.20.11-0ubuntu27.16 Apport: Ubuntu 18.04 - Before 2.20.9-0ubuntu7.23 Appor...

Apport 2.20 Privilege Escalation

Exploit Title: Apport 2.20 - Local Privilege Escalation Date: 18/02/21 Exploit Author: Gr33nh4t Vendor Homepage: https://ubuntu.com/ Version: Apport: Ubuntu 20.10 - Before 2.20.11-0ubuntu50.5 Apport: Ubuntu 20.04 - Before 2.20.11-0ubuntu27.16 Apport: Ubuntu 18.04 - Before 2.20.9-0ubuntu7.23 Appor...

Geacon - Implement CobaltStrike's Beacon In Go

Using Go to implement CobaltStrike's Beacon This project is for learningprotocol analysis and reverse engineering only, if someone's rights have been violated, please contact me to remove the project, and the last DO NOT USE IT ILLEGALLY How to play 1. Setup the teamserver and start a http...

Soundness issues in `raw-cpuid`

Undefined behavior in asstring methods VendorInfo::asstring, SoCVendorBrand::asstring, and ExtendedFunctionInfo::processorbrandstring construct byte slices using std::slice::fromrawparts, with data coming from reprRust structs. This is always undefined behavior. See...

Remote Code Execution (RCE)

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source. POC // compile the template var s = with lookupGett...

Prototype Pollution

Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. POC // compile the template var s2 = 'a/." ||...

OPENSUSE-SU-2020:2304-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: -webkit2gtk3 was updated to version 2.30.3 bsc1179122 bsc1179451: - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code...

SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2020:3864-1)

This update for webkit2gtk3 fixes the following issues : -webkit2gtk3 was updated to version 2.30.3 bsc1179122 bsc1179451 : - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code...

SUSE-SU-2020:3864-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: -webkit2gtk3 was updated to version 2.30.3 bsc1179122 bsc1179451: - CVE-2021-13543: Fixed a use after free which could have led to arbitrary code execution. - CVE-2021-13584: Fixed a use after free which could have led to arbitrary code...

mariadb-connector-c security, bug fix, and enhancement update

An update is available for mariadb-connector-c. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The MariaDB Native Client library C driver is used to connect...