CVE-2023-1428

There exists an vulnerability causing an abort() to be called in gRPC.  The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x != ...

Continue Reading
CVE-2023-32732

gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disco ...

Continue Reading
CVE-2023-32731

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of ...

Continue Reading
(RHSA-2023:1325) Important: OpenShift Container Platform 4.13.0 security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages ...

Continue Reading

CVSS3 - CRITICAL

CVSS2 - MEDIUM

Security Bulletin: Open Source Dependency Vulnerability

## Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. ## Vulnerability Details ** CVEID: **[CVE-2020-15112]() ** DESCRIPTION: **etcd is vulnerable to a denial of service, caused ...

Continue Reading

CVSS3 - HIGH

CVSS2 - MEDIUM

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-165)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-165 advisory. - Envoy is an open source edge and service proxy designed for cloud-native applications. Prior ...

Continue Reading

CVSS3 - CRITICAL

(RHSA-2023:2097) Important: Satellite 6.13 Release

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized too ...

Continue Reading

CVSS3 - CRITICAL

CVSS2 - HIGH

CVE-2023-27487

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks a ...

Continue Reading

CVSS3 - CRITICAL

Back to Main

Subscribe for the latest news: