X.Org X server, XWayland: Multiple Vulnerabilities

Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple vulnerabilities have been discovered in X.Org X server and XWayland. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

[SECURITY] Fedora 35 Update: glances-3.3.0.1-2.fc35

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface It can also work in client/server mode. Remote monitoring could be don...

[SECURITY] Fedora 36 Update: glances-3.3.0.1-2.fc36

Glances is a cross-platform monitoring tool which aims to present a large amount of monitoring information through a curses or Web based interface. The information dynamically adapts depending on the size of the user interface It can also work in client/server mode. Remote monitoring could be don...

PT-2022-23375 · Mitel · Mitel Micollab

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.5.0.101 Description: A vulnerability in the MiCollab Client server component could allow an authenticated attacker to conduct a Server-Side Request Forgery SSRF attack due to insufficient restriction of URL...

Microsoft Client Server Run-time Subsystem (CSRSS) Privilege Elevation Vulnerability

Microsoft Client Server Run-time Subsystem is a client/server run-time subsystem from Microsoft Corporation of the United States, manifested as the csrss.exe process. It is a component of the Windows NT operating system family, appearing in Windows NT 3.1 and later systems, providing the user mod...

CVE-2022-37989

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

CVE-2022-37989

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

CVE-2022-37987

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

CVE-2022-37987

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

CVE-2022-37989

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

CVE-2022-37987

Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

...

Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability

...

Siemens Industrial Edge Management 信任管理问题漏洞

Siemens Industrial Edge Management, a platform from Siemens Germany, is used to host applications from different vendors on a computing platform close to the shop floor. issue vulnerability, which stems from the fact that when initiating a TLS connection, the affected software does not properly...

Microsoft Client Server Run-time Subsystem (CSRSS) 安全漏洞

Microsoft Client Server Run-time Subsystem is a client/server run-time subsystem from Microsoft Corporation of the United States, manifested as the csrss.exe process. It is a component of the Windows NT operating system family, appearing in Windows NT 3.1 and later systems, and provides the user...

PT-2022-5363 · Microsoft · Windows Client Server Run-Time Subsystem +1

Name of the Vulnerable Software and Affected Versions: Windows Client Server Run-time Subsystem CSRSS affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in the Windows Client Server Run-time Subsystem CSRSS. It is associated with an...

PT-2022-5358 · Microsoft · Windows Client Server Run-Time Subsystem +1

Name of the Vulnerable Software and Affected Versions: Windows Client Server Run-time Subsystem CSRSS affected versions not specified Description: The issue is related to insufficient access control in the Windows Client Server Run-time Subsystem CSRSS, which can be exploited to elevate privilege...

Java-Remote-Class-Loader - Tool to send Java bytecode to your victims to load and execute using Java ClassLoader together with Reflect API

This tool allows you to send Java bytecode in the form of class files to your clients or potential targets to load and execute using Java ClassLoader together with Reflect API. The client receives the class file from the server and return the respective execution output. Payloads must be written ...

Code injection

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room...

CVE-2022-39252

CVE-2022-39252 affects matrix-rust-sdk (and matrix-sdk-crypto). Before 0.6, forwarded room keys could be accepted without verifying the origin device, enabling a homeserver to insert keys of questionable validity and potentially mount an impersonation attack. The issue is fixed in version 0.6. Re...