
6330 matches found

OPENSUSE Linux
added 2021/06/04 12:0 a.m. | 42 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0840-1 Rating: important References: 1186458 Cross-References: CVE-2021-21212 CVE-2021-30521 CVE-2021-30522 CVE-2021-30523 CVE-2021-30524 CVE-2021-30525 CVE-2021-30526 CVE-2021-30527 CVE-2021-30528...

8.8 CVSS | 7.2 AI score | 0.16611 EPSS
Exploits: 19 | References: 1
Gitee
added 2021/06/03 10:18 a.m. | 2 views

metasploit-framework

This repository is an offensive tool for Metasploit Framework. The Metasploit Framework is a powerful tool for penetration testing and vulnerability assessment. It provides a comprehensive platform for identifying and exploiting vulnerabilities in various systems and applications. The framework...

7.1 AI score
Exploits: 0
OPENSUSE Linux
added 2021/06/02 12:0 a.m. | 44 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0825-1 Rating: important References: 1186458 Cross-References: CVE-2021-21212 CVE-2021-30521 CVE-2021-30522 CVE-2021-30523 CVE-2021-30524 CVE-2021-30525 CVE-2021-30526 CVE-2021-30527 CVE-2021-30528...

8.8 CVSS | 7.2 AI score | 0.16611 EPSS
Exploits: 19 | References: 1
OSV
added 2021/06/01 9:38 p.m. | 27 views

GHSA-8F4M-HCCC-8QPH Insertion of Sensitive Information into Log File in ansible

A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by nolog feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to dat...

5.5 CVSS | 6 AI score | 0.00347 EPSS
Exploits: 0 | References: 11
OSV
added 2021/05/31 3:39 p.m. | 9 views

Denial of Service in varnish-modules version 0.18.0

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-28543. Reason: This candidate is a duplicate of CVE-2021-28543. Notes: All CVE users should reference CVE-2021-28543 instead of this candidate...

2.1 AI score | 0.01495 EPSS
Exploits: 0 | References: 1
OSV
added 2021/05/31 3:39 p.m. | 24 views

GSD-2021-1000006 Denial of Service in varnish-modules version 0.18.0

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-28543. Reason: This candidate is a duplicate of CVE-2021-28543. Notes: All CVE users should reference CVE-2021-28543 instead of this candidate...

7.4 AI score
Exploits: 0 | References: 1
Gitee
added 2021/05/30 10:2 a.m. | 4 views

awesome-windows-exploitation

This is a curated list of Windows exploitation resources and tools. The repository is a collection of articles, tutorials, and tools for Windows exploitation, including stack overflows, heap overflows, and kernel-based Windows overflows. The list includes resources such as articles from Phrack, a...

6.8 AI score
Exploits: 0
OSV
added 2021/05/28 9:15 p.m. | 17 views

CVE-2021-32619

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...

9.8 CVSS | 7.1 AI score
Exploits: 0 | References: 1
Prion
added 2021/05/28 9:15 p.m. | 16 views

Design/Logic Flaw

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...

7.5 CVSS | 9.5 AI score | 0.01113 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/05/28 9:0 p.m. | 14 views

CVE-2021-32619 Static imports inside dynamically imported modules do not adhere to permission checks

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. In Deno versions 1.5.0 to 1.10.1, modules that are dynamically imported through import or new Worker might have been able to bypass network and file system permission checks when statically importing other modules...

9.8 CVSS | 9.8 AI score | 0.01113 EPSS
Exploits: 0 | References: 1
CNNVD
added 2021/05/28 12:0 a.m. | 2 views

Deno authorization issue vulnerability

Deno is an open source, simple, modern and secure JavaScript and TypeScript runtime environment. It uses V8 and is built with Rust. An authorization issue vulnerability exists in Deno versions 1.5.0 through 1.10.1, which arises from the fact that modules dynamically imported via import or new...

9.8 CVSS | 8.2 AI score | 0.01113 EPSS
Exploits: 0 | References: 2
0day.today
added 2021/05/28 12:0 a.m. | 52 views

Trixbox 2.8.0.4 - (lang) Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution Unauthenticated Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...

9 CVSS | 8.9 AI score | 0.50762 EPSS
Exploits: 4
ICS
added 2021/05/27 12:0 a.m. | 58 views

Mitsubishi Electric MELSEC iQ-R Series

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELSEC iQ-R Series Vulnerability: Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation of this vulnerability may prevent legitimate clients from...

7.8 CVSS | 7.7 AI score | 0.01497 EPSS
Exploits: 0 | References: 4
OpenVAS
added 2021/05/26 12:0 a.m. | 18 views

Zope RCE Vulnerability (GHSA-5pr9-v234-jw36)

Zope is prone to a remote code execution (RCE) vulnerability via a traversal in TAL expressions. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

8.8 CVSS | 9.3 AI score | 0.01843 EPSS
Exploits: 1 | References: 1
Veracode
added 2021/05/24 7:31 a.m. | 22 views

Privilege Escalation

Zope is vulnerable to privilege escalation. By default, only users with the Manager role can add or edit Zope Page Templates through the web. However, users are able to access untrusted modules indirectly through Python modules that are available for direct use and sites that allow untrusted users t...

8.8 CVSS | 3.5 AI score | 0.01843 EPSS
Exploits: 1 | References: 6 | Affected Software: 2
Fedora
added 2021/05/24 1:15 a.m. | 32 views

[SECURITY] Fedora 33 Update: slurm-20.11.7-1.fc33

Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...

6.5 CVSS | 1.7 AI score | 0.02902 EPSS
Exploits: 0
Fedora
added 2021/05/24 1:2 a.m. | 31 views

[SECURITY] Fedora 34 Update: slurm-20.11.7-1.fc34

Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...

6.5 CVSS | 1.7 AI score | 0.02902 EPSS
Exploits: 0
CNVD
added 2021/05/22 12:0 a.m. | 3 views

BEESCMS suffers from SQL injection vulnerability (CNVD-2021-40206)

BEESCMS adopts PHP+MYSQL, featuring multi-language system and easy expansion of content modules. BEESCMS has SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database...

7.5 AI score
Exploits: 0
vulnersOsv
added 2021/05/21 2:28 p.m. | 1 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +160 more potentially affected by CVE-2021-29610 via tensorflow-gpu (>=1.10.1 <=2.1.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-29610 Source advisory: OSV:GHSA-MQ5C-PRH3-3F3H...

7.8 CVSS | 7 AI score | 0.00201 EPSS
Exploits: 1
vulnersOsv
added 2021/05/21 2:27 p.m. | 2 views

arekit (>=0.21.0 <=0.22.1), arenets (>=0.23.0 <=0.23.1) +160 more potentially affected by CVE-2021-29593 via tensorflow-gpu (>=1.10.1 <=2.1.1)

tensorflow-gpu PYPI version =1.10.1, =0.21.0, =0.23.0, =0.9.2, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =1.0.3 - cctv-analysis =0.0.2 - chatbot-nlu =1.0.0 - classitransformers =0.0.1 and more Source cves: CVE-2021-29593 Source advisory: OSV:GHSA-CFX7-2XPC-8W4H...

7.8 CVSS | 7 AI score | 0.00201 EPSS
Exploits: 1