604 matches found
Unprotected Storage of Credentials
Overview Affected versions of this package are vulnerable to Unprotected Storage of Credentials. An attacker can steal authentication credentials intended for the database server by performing an adversary-in-the-middle attack between the SQL client and the SQL server, even if the connection is...
PT-2023-35667 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue is identified, potentially causing a crash. The crash occurs in the processClientServerHello and processTLSBlock...
PT-2023-35669 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 2 crash has been reported. The crash occurs in the processClientServerHello function, specifically in the process tls and fuz...
Medium: openssh
Issue Overview: AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommen...
Collabora Online Security Breach
Collabora Online is an application from Collabora UK. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. A security vulnerability exists in Collabora Online versions prior to 23.5.602 that stems from vulnerability to modified...
Fedora 38 : llhttp / python-aiohttp / uxplay (2023-bc1f081ca0)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-bc1f081ca0 advisory. Security fix for CVE-2023-47627 https://pagure.io/fesco/issue/3106 python-aiohttp 3.8.6 2023-10-07...
PYSEC-2023-250
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
[SECURITY] Fedora 37 Update: mariadb-10.5.23-1.fc37
MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...
[SECURITY] Fedora 39 Update: mariadb-10.5.23-1.fc39
MariaDB is a community developed fork from MySQL - a multi-user, multi-thread ed SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...
CVE-2023-47627
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled or not using a prebuilt wheel. These bugs have...
CRUD VS REST Explained
In the digital creation field, particularly web building, there exists two phrases that often become a riddle for neophytes and even seasoned coders: CRUD and REST. These pair of notions form the bedrock of knowledge in comprehending how information is tweaked and relayed across the World Wide We...
[SECURITY] Fedora 39 Update: community-mysql-8.0.35-1.fc39
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
kernel: sctp: check send stream number after wait_for_sndbuf
In the Linux kernel, the following vulnerability has been resolved: sctp: check send stream number after waitforsndbuf This patch fixes a corner case where the asoc out stream count may change after waitforsndbuf. When the main thread in the client starts a connection, if its out stream count is...
golang: crypto/tls: slow verification of certificate chains containing large RSA keys
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying...
The vulnerability of the Client Server Run-Time Subsystem (CSRSS) in Windows operating systems, which allows attackers to enhance their privileges
The vulnerability of the Client Server Run-Time Subsystem CSRSS in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
CVE-2023-41766
Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...
CVE-2023-41766
Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...
CVE-2023-41766 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
...
CVE-2023-41766
Technical details for CVE-2023-41766 are not provided in the connected documents. Public information about affected components, root cause, impact, and fixes is not available here. Monitor for updates from official sources.
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
...