CVE-2021-36154

HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursio ...

Continue Reading
CVE-2021-36153

Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests.Read More ...

Continue Reading
Juniper Junos OS Multiple DoS Vulnerabilities (JSA11167)

The version of Junos OS installed on the remote host is affected by multiple denial of service vulnerabilities as referenced in the JSA11167 advisory: - Some HTTP/2 implementations are vulnerable to ...

Continue Reading
[SECURITY] Fedora 34 Update: golang-github-containerd-ttrpc-1.1.0-1.fc34

GRPC for low-memory environments. The existing grpc-go project requires a lot of memory overhead for importing packages and at runtime. While this is great for many services with low den sity require ...

Continue Reading
[SECURITY] Fedora 35 Update: grpcurl-1.8.6-2.fc35

Like cURL, but for gRPC: Command-line tool for interacting with gRPC server s.Read More ...

Continue Reading
[SECURITY] Fedora 35 Update: golang-github-grpc-ecosystem-gateway-2-2.7.3-3.fc35

GRPC to JSON proxy generator following the gRPC HTTP spec.Read More ...

Continue Reading
Improper Authentication in etcd

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd c ...

Continue Reading
New UAC-0056 activity: There’s a Go Elephant in the room

_This blog post was authored by Ankur Saini, Roberto Santos and Hossein Jazi._ UAC-0056 also known as SaintBear, UNC2589 and TA471 is a [cyber espionage actor]() that has been active since early 2021 ...

Continue Reading

Back to Main

Subscribe for the latest news: