10 matches found

Prion
added 2023/04/14 8:15 p.m. · 18 views

Spoofing

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The...

5 CVSS · 7.7 AI score · 0.00365 EPSS
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/04/14 7:1 p.m. · 12 views

CVE-2023-29193 SpiceDB binding metrics port to untrusted networks and can leak command-line flags

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The...

8.7 CVSS · 8.8 AI score · 0.00365 EPSS
Exploits 0 · References 3
OSV
added 2023/04/13 5:53 p.m. · 20 views

GHSA-CJR9-MR35-7XH6 SpiceDB binding metrics port to untrusted networks and can leak command-line flags

Background: The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The /debug/pprof/cmdline endpoint served by the metrics service...

8.1 CVSS · 8.1 AI score · 0.00365 EPSS
Exploits 0 · References 5
Github Security Blog
added 2023/04/13 5:53 p.m. · 41 views

SpiceDB binding metrics port to untrusted networks and can leak command-line flags

Background: The spicedb serve command contains a flag named --grpc-preshared-key which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The /debug/pprof/cmdline endpoint served by the metrics service...

8.7 CVSS · 7.5 AI score · 0.00365 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2023/04/03 12:0 a.m. · 3 views

PT-2023-2479 · Spicedb · Spicedb

Name of the Vulnerable Software and Affected Versions: SpiceDB versions prior to 1.19.1 Description: The issue is related to the SpiceDB database system, specifically with the /debug/pprof/cmdline endpoint served by the metrics service, which reveals command-line flags provided for debugging...

8.7 CVSS · 7.1 AI score · 0.00365 EPSS
Exploits 0 · References 13
NVD
added 2022/12/18 3:15 p.m. · 9 views

CVE-2020-36617

A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...

9.8 CVSS · 0.004 EPSS
Exploits 0 · References 2
Prion
added 2022/12/18 3:15 p.m. · 11 views

Design/Logic Flaw

A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...

7.5 CVSS · 9.4 AI score · 0.004 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/12/18 12:0 a.m. · 15 views

CVE-2020-36617 ewxrjk sftpserver parse.c sftp_parse_path uninitialized pointer

A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...

4.6 CVSS · 9.6 AI score · 0.004 EPSS
Exploits 0 · References 2
Imperva Blog
added 2018/03/27 3:30 p.m. · 60 views

Web Application Firewalls: The Definitive Primer

Firewalls have traditionally been focused on network layer traffic. As attacks have evolved, however, they have climbed the ladder of the Open Systems Interconnection (OSI) model. Web Application Firewalls (WAFs) have developed as a result, not only to track network traffic but also to understand...

6.9 AI score
Exploits 0
ThreatPost
added 2009/05/01 6:52 p.m. · 9 views

Q&A: Chris Hoff on cloud computing

Chris Hoff, the former chief security architect at Unisys and the author of the consistently insightful and funny Rational Survivability blog, is among the most sought-after speakers in the security industry and an authority on cloud computing and virtualization security. In this interview, he...

7 AI score
Exploits 0 · References 5