Improper Authentication in etcd

etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd c ...

New UAC-0056 activity: There’s a Go Elephant in the room

_This blog post was authored by Ankur Saini, Roberto Santos and Hossein Jazi._ UAC-0056, also known as SaintBear, UNC2589 and TA471, is a cyber espionage actor that has been active since early 2021 ...

CVE-2022-24777

grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachabl ...

CVE-2018-17453

GRPC::Unknown logging token disclosure ...

Virtuozzo Hybrid Server 7.5 Update 3 (7.5.3-391)

Virtuozzo Hybrid Server 7.5 Update 3 introduces new features and provides stability and usability bug fixes. It also introduces a new kernel 3.10.0-1160.53.1.vz7.185.3. **Vulnerability id:** PSBM-1332 ...

Invalid-free in NIOHTTP2.NIOHTTP2Handler.

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44431

```
Crash type: Invalid-free
Crash state:
NIOHTTP2.NIOHTTP2Handler.
NIOHTTP2.NIOHTTP2Handler.channelRead
NIOCore.ChannelHan ...
```

5 things you must know about Log4Shell

This is the largest vulnerability we have seen in years. 1. **You may still be vulnerable even if your project is not based on Java.** Many tech stacks are vulnerable because so many tools use the L ...
