Connection confusion in gRPC
When the gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of ...
July 07, 2023
gRPC Reachable Assertion issue
There exists a vulnerability causing an abort() to be called in gRPC.
The following headers cause gRPC's C++ implementation to abort() when called via http2:
te: x (x != trailers)
:scheme: x (x ! ...
July 07, 2023
Gorilla WebSocket vulnerability
## Releases
* Ubuntu 18.04 ESM
* Ubuntu 16.04 ESM
## Packages
* golang-websocket - Go package implementing the WebSocket protocol
It was discovered that Gorilla WebSocket incorrectly handled dec ...
July 07, 2023
Security Bulletin: A security vulnerabilities has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2023-28867)
## Summary
WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server (since 8.5.6), and Us ...
July 01, 2023
Moderate: ruby:2.7 security, bug fix, and enhancement update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a la ...
July 01, 2023
ruby:2.7 security update
ruby
[2.7.4-137]
- Upgrade to Ruby 2.7.4.
- Fix command injection vulnerability in RDoc.
Resolves: rhbz#1986768
- Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host.
Res ...
July 01, 2023
(RHSA-2021:3559) Important: rh-ruby27-ruby security update
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a l ...
July 01, 2023
CVE-2021-37146
An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through 1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLR ...
July 01, 2023