SUSE-SU-2025:3951-1 Security update for runc

This update for runc fixes the following issues: - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. - CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252232. - CVE-2025-52881: Fixed...

Security update for runc

This update for runc fixes the following issues: CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions bsc1252232. CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races bsc1252232. CVE-2025-52881: Fixed...

UBUNTU-CVE-2025-52565

runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting /dev/pts/$n to /dev/console inside the container, an attacker can...

Zephyr Project Manager < 3.2.55 - Unauthorised AJAX Calls To Stored XSS

The plugin does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks...

Malicious Package

Overview ui-extensions-dev-console-app is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

GHSA-4HJQ-422Q-4VPX Mautic vulnerable to secret data exfiltration via symfony parameters

Impact Symfony parameters which is what Mautic transforms configuration parameters into can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...

h1-ctf: [h1ctf-Grinch Networks] MrR3b00t Saving the Christmas

Disclaimer: Certain things are a bit modified to set the pieces for the story. Also you can find the flags for all 12 challenges in file F1138300 , Now enjoy : █▀▄▀█ █▀█ ░ █▀█ █▄▄ █▀█ █▀█ ▀█▀ █░▀░█ █▀▄ ▄ █▀▄ █▄█ █▄█ █▄█ ░█░ saves the Christmas Episode - 0x00 Pil0t.py It was a gloomy clear night,...

linux/x86 cat /dev/urandom &gt; /dev/console, just for kicks - 63 bytes

No description provided by source. / linux/x86 cat /dev/urandom /dev/console, no real profit just for kicks - 63 bytes - izik [email protected] / char shellcode = "\x31\xc9" // xor %ecx,%ecx "\x51" // push %ecx "\x68\x6e\x64\x6f\x6d" // push $0x6d6f646e "\x68\x2f\x75\x72\x61" // push $0x6172752f...

linux/x86 cat /dev/urandom &gt; /dev/console just for kicks - 63 bytes

No description provided by source. / linux/x86 cat /dev/urandom /dev/console, no real profit just for kicks - 63 bytes - izik [email protected] / char shellcode = "\x31\xc9" // xor %ecx,%ecx "\x51" // push %ecx "\x68\x6e\x64\x6f\x6d" // push $0x6d6f646e "\x68\x2f\x75\x72\x61" // push $0x6172752f...

linux/x86 cat /dev/urandom > /dev/console 63 bytes

linux/x86 cat /dev/urandom /dev/console, just for kicks - 63 bytes. Shellcode exploit for linx86 platform / linux/x86 cat /dev/urandom /dev/console, no real profit just for kicks - 63 bytes - izik / char shellcode = "\x31\xc9" // xor %ecx,%ecx "\x51" // push %ecx "\x68\x6e\x64\x6f\x6d" // push...