Lucene search

7 matches found

OSV
added 2026/04/07 11:50 a.m. · 0 views

SUSE-SU-2026:1200-1 Security update for ignition

This update for ignition fixes the following issue: - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260251)...

CVSS 9.1 · AI score 5.8 · EPSS 0.0002
Exploits 1 · References 3
OSV
added 2026/01/08 3:33 p.m. · 2 views

CVE-2025-68151 CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

CVSS 8.7 · AI score 7.1 · EPSS 0.00213
Exploits 0 · References 5
Tenable Nessus
added 2026/01/08 12:0 a.m. · 7 views

Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2025-1357)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1357 advisory. There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data...

CVSS 9.8 · AI score 6.9 · EPSS 0.01141
Exploits 7 · References 26
Cvelist
added 2025/09/10 4:6 p.m. · 7 views

CVE-2025-20159 Cisco IOS XR Software Management Interface ACL Bypass Vulnerability

A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features. This vulnerability exists because management interface ACLs have not...

CVSS 5.3 · EPSS 0.00044
Exploits 0 · References 1
Tenable Nessus
added 2025/08/30 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-32731

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be...

CVSS 7.5 · AI score 6.9 · EPSS 0.00075
Exploits 0 · References 2
Positive Technologies
added 2025/08/27 12:0 a.m. · 3 views

PT-2025-34888 · Cisco · Cisco Nexus 3000 Series Switches +1

Name of the Vulnerable Software and Affected Versions: Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches. Description: A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature could allow an authenticated, low-privileged, remote attacker to trigger a crash of th...

CVSS 5 · AI score 6.6 · EPSS 0.0017
Exploits 0 · References 4
The Hacker News
added 2024/10/22 2:0 p.m. · 12 views

Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks

Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findings from Trend Micro. "In this attack, the threat actor used the gRPC protocol over h2c to evade security solutions and execute their crypto mining...

AI score 7.9
Exploits 0