Lucene search
K

17 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : kata-containers (EulerOS-SA-2026-2484)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.9 views

EulerOS 2.0 SP13 : kata-containers (EulerOS-SA-2026-2335)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.10 views

EulerOS 2.0 SP13 : kata-containers (EulerOS-SA-2026-2292)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References2
Amazon
Amazon
added 2026/04/30 12:0 a.m.11 views

Important: rclone

Issue Overview: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted...

9.1CVSS7.6AI score0.01557EPSS
Exploits1
NVD
NVD
added 2026/04/22 5:16 p.m.12 views

CVE-2026-35338

A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not canonicalize the path. An attacker or accidental user can use path variants such as /../ or symbol...

7.3CVSS0.00175EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.6 views

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1551)

"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1551 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.6 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2026-1548)

"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1548 advisory. gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References4
OSV
OSV
added 2026/04/11 2:5 p.m.7 views

OESA-2026-1887 kata-containers security update

This is core component of Kata Container, to make it work, you need a isulad/docker engine. Security Fixes: gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/03/25 12:23 a.m.9 views

SUSE CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

8.1CVSS6AI score0.01557EPSS
Exploits1References72
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-33186

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2...

9.1CVSS6.5AI score0.01557EPSS
Exploits1References4
OSV
OSV
added 2026/03/20 11:16 p.m.11 views

UBUNTU-CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/03/20 10:23 p.m.5 views

CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS7.6AI score0.01557EPSS
Exploits1
EUVD
EUVD
added 2026/03/20 10:23 p.m.4 views

EUVD-2026-13830

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References1
OSV
OSV
added 2026/03/20 10:23 p.m.10 views

CVE-2026-33186 gRPC-Go has an authorization bypass via missing leading slash in :path

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS6AI score0.01557EPSS
Exploits1References179
AlpineLinux
AlpineLinux
added 2026/03/20 10:23 p.m.2 views

CVE-2026-33186

gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 :path pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the :path omitted the mandatory...

9.1CVSS5.9AI score0.01557EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 3:54 a.m.3 views

SUSE CVE-2020-25032

An issue was discovered in Flask-CORS aka CORS Middleware for Flask before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

6.8CVSS9.4AI score0.04017EPSS
Exploits0References9
OSV
OSV
added 2020/08/31 4:15 a.m.2 views

UBUNTU-CVE-2020-25032

An issue was discovered in Flask-CORS aka CORS Middleware for Flask before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format...

7.5CVSS7.2AI score0.04017EPSS
Exploits0References4
Rows per page
Query Builder