Category: CVSS3 - HIGH
Connection confusion in gRPC

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of ...

Continue Reading
Connection confusion in gRPC

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of ...

Continue Reading
gRPC Reachable Assertion issue

There exists an vulnerability causing an abort() to be called in gRPC.  The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x ! ...

Continue Reading
gRPC Reachable Assertion issue

There exists an vulnerability causing an abort() to be called in gRPC.  The following headers cause gRPC's C++ implementation to abort() when called via http2: te: x (x != trailers) :scheme: x (x ! ...

Continue Reading
Gorilla WebSocket vulnerability

## Releases * Ubuntu 18.04 ESM * Ubuntu 16.04 ESM ## Packages * golang-websocket - Go package implementing the WebSocket protocol It was discovered that Gorilla WebSocket incorrectly handled dec ...

Continue Reading
Security Bulletin: A security vulnerabilities has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2023-28867)

## Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server (since 8.5.6), and Us ...

Continue Reading
Moderate: ruby:2.7 security, bug fix, and enhancement update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a la ...

Continue Reading
ruby:2.7 security update

ruby [2.7.4-137] - Upgrade to Ruby 2.7.4. - Fix command injection vulnerability in RDoc. Resolves: rhbz#1986768 - Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host. Res ...

Continue Reading
(RHSA-2021:3559) Important: rh-ruby27-ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a l ...

Continue Reading
CVE-2021-37146

An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLR ...

Continue Reading
Load more