Medium: openssh
Issue Overview: AWS is aware of CVE-2023-48795, also known as Terrapin, which is found in the SSH protocol and affects SSH channel integrity. A protocol extension has been introduced by OpenSSH which needs to be applied to both the client and the server in order to address this issue. We recommen...
Collabora Online Security Breach
Collabora Online is an application from Collabora UK. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. A security vulnerability exists in Collabora Online versions prior to 23.5.602 that stems from vulnerability to modified...
Fedora 38 : llhttp / python-aiohttp / uxplay (2023-bc1f081ca0)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-bc1f081ca0 advisory. Security fix for CVE-2023-47627 https://pagure.io/fesco/issue/3106 python-aiohttp 3.8.6 2023-10-07...
PYSEC-2023-250
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request e.g. to insert a new header or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the...
[SECURITY] Fedora 37 Update: mariadb-10.5.23-1.fc37
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...
[SECURITY] Fedora 39 Update: mariadb-10.5.23-1.fc39
MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon mariadbd and many different client programs and libraries. The base package contains the standard MariaDB/MySQL client programs...
CVE-2023-47627
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled or not using a prebuilt wheel. These bugs have...
CRUD VS REST Explained
In the digital creation field, particularly web building, there exist two phrases that often become a riddle for neophytes and even seasoned coders: CRUD and REST. This pair of notions forms the bedrock of knowledge in comprehending how information is tweaked and relayed across the World Wide We...
[SECURITY] Fedora 39 Update: community-mysql-8.0.35-1.fc39
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
kernel: sctp: check send stream number after wait_for_sndbuf
In the Linux kernel, the following vulnerability has been resolved: sctp: check send stream number after wait_for_sndbuf This patch fixes a corner case where the asoc out stream count may change after wait_for_sndbuf. When the main thread in the client starts a connection, if its out stream count is...
golang: crypto/tls: slow verification of certificate chains containing large RSA keys
A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying...
The vulnerability of the Client Server Run-Time Subsystem (CSRSS) in Windows operating systems, which allows attackers to enhance their privileges
The vulnerability of the Client Server Run-Time Subsystem CSRSS in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
CVE-2023-41766
Windows Client Server Run-time Subsystem CSRSS Elevation of Privilege Vulnerability...
CVE-2023-41766
Technical details for CVE-2023-41766 are not provided in the connected documents. Public information about affected components, root cause, impact, and fixes is not available here. Monitor for updates from official sources.
CVE-2023-41766 Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
...
Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability
...
Microsoft Client Server Run-time Subsystem Security Vulnerability
The Microsoft Client Server Run-time Subsystem is a client/server run-time subsystem from Microsoft Corporation in the United States that manifests itself as the csrss.exe process. It is a component of the Windows NT family of operating systems, appearing in Windows NT 3.1 and subsequent systems,...
[SECURITY] Fedora 38 Update: community-mysql-8.0.34-2.fc38
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...
Fedora: Security Advisory for libqb (FEDORA-2023-5a717dd33d)
The remote host is missing an update for the...