6 matches found
Vmware Spring gRPC 安全漏洞
Vmware Spring gRPC is an extension component for Spring application development developed by Vmware, a company in the United States. Versions 1.0.0 to 1.0.2 of Vmware Spring gRPC contain security vulnerabilities. These vulnerabilities arise when authenticated users are denied access to gRPC...
GHSA-8G29-8XWR-QMHR @grackle-ai/server JSON.parse lacks try-catch logic in its gRPC Service AdapterConfig Handling
Impact JSON.parseenv.adapterConfig is called without error handling in three locations within the gRPC service. While the data originates from the server's own SQLite database and should always be valid JSON, database corruption, migration errors, or unexpected state could cause an unhandled...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the Certificate gRPC service not validating whether the requested IP addresses are associated with the requesting peer. An attacker can obtain valid mTLS certificates for arbitrary IP addresses by...
DragonFly's manager generates mTLS certificates for arbitrary IP addresses
Impact A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if...
Linux Distros Unpatched Vulnerability : CVE-2023-32732
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin...
Design/Logic Flaw
A vulnerability in the Event Management Service daemon emsd of Cisco IOS XR routers could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to improper handling of gRPC requests. An attacker could exploit this...