82 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 5 views

Astra Linux - vulnerability in mariadb-10.3

It was discovered that MariaDB v10.7 contains a use-after-poison issue in the __interceptor_memset function located at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc...

CVSS 7.5 | AI score 7.1 | EPSS 0.00206
Exploits: 1 | References: 2
Amazon
added 2026/04/30 12:0 a.m. | 3 views

Important: rclone

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

CVSS 9.1 | AI score 7.6 | EPSS 0.0002
Exploits: 1
Vulnrichment
added 2026/04/23 11:56 p.m. | 0 views

CVE-2026-40431 SenseLive X3050 Cleartext transmission of sensitive information

A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication attempts and configuration data, is transmitted in cleartext, an attacker with access to the same...

CVSS 6.9 | AI score 5.3 | EPSS 0.00034
Exploits: 0 | References: 3
RedHat Linux
added 2026/04/13 3:0 a.m. | 0 views

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

CVSS 5.9 | AI score 7 | EPSS 0.0002
Exploits: 0 | References: 7
RedHat Linux
added 2026/04/13 2:27 a.m. | 0 views

undici: Undici: Denial of Service due to uncontrolled resource consumption

A flaw was found in Undici. When the interceptors.deduplicate feature is enabled, response data for deduplicated requests can accumulate in memory. A remote attacker, by sending large or chunked responses and concurrent identical requests from an untrusted endpoint, can exploit this uncontrolled...

CVSS 5.9 | AI score 7 | EPSS 0.0002
Exploits: 0 | References: 7
Tenable Nessus
added 2026/04/13 12:0 a.m. | 2 views

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1551)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1551 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server...

CVSS 9.1 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 4
OSV
added 2026/04/11 2:5 p.m. | 2 views

OESA-2026-1887 kata-containers security update

This is a core component of Kata Container; to make it work, you need an isulad/docker engine. Security Fixes: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The...

CVSS 9.1 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 2
RedhatCVE
added 2026/03/26 3:0 p.m. | 2 views

CVE-2026-2368

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code...

CVSS 7.5 | AI score 6.1 | EPSS 0.00013
Exploits: 0 | References: 1
OSV
added 2026/03/20 10:23 p.m. | 4 views

CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

CVSS 9.1 | AI score 6 | EPSS 0.0002
Exploits: 1 | References: 3
Vulnrichment
added 2026/03/20 10:23 p.m. | 2 views

CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

CVSS 9.1 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 1
Snyk
added 2026/03/12 8:13 p.m. | 0 views

Allocation of Resources Without Limits or Throttling

Overview: undici is an HTTP/1.1 client, written from scratch for Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the deduplication-handler component when interceptors.deduplicate is enabled. An attacker can cause excessive memo...

CVSS 8.2 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2
Cvelist
added 2026/03/11 8:20 p.m. | 23 views

CVE-2026-1068

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application...

CVSS 6 | EPSS 0.00015
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/24 1:32 a.m. | 2 views

CVE-2026-3053 DataLinkDC dinky OpenAPI Endpoint AppConfig.java addInterceptors missing authentication

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...

CVSS 7.5 | AI score 5.6 | EPSS 0.00125
Exploits: 1 | References: 5
ATTACKERKB
added 2026/02/24 1:32 a.m. | 2 views

CVE-2026-3053

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...

CVSS 7.5 | AI score 5.2 | EPSS 0.00125
Exploits: 1 | References: 5 | Affected Software: 1
Tenable Nessus
added 2026/01/05 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-66869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8. CVE-2025-66869 Note that Nessus relies on the presence of the package...

CVSS 7.5 | AI score 5.5 | EPSS 0.00073
Exploits: 1 | References: 2
RedhatCVE
added 2025/12/30 1:2 a.m. | 3 views

CVE-2025-66869

Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8...

CVSS 7.5 | AI score 7.2 | EPSS 0.00073
Exploits: 1 | References: 1
OSV
added 2025/12/29 5:15 p.m. | 2 views

CVE-2025-66869

Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8...

CVSS 7.5 | AI score 7.2
Exploits: 0 | References: 1
NVD
added 2025/12/29 5:15 p.m. | 2 views

CVE-2025-66869

Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8...

CVSS 7.5 | EPSS 0.00073
Exploits: 1 | References: 1
UbuntuCve
added 2025/12/29 5:15 p.m. | 3 views

CVE-2025-66869

Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8...

CVSS 7.5 | AI score 5.9 | EPSS 0.00073
Exploits: 1 | References: 2
OSV
added 2025/12/29 5:15 p.m. | 1 views

UBUNTU-CVE-2025-66869

Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8...

CVSS 7.5 | AI score 5.8 | EPSS 0.00073
Exploits: 1 | References: 3