Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grpc grpc vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-5469
DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 before 16.10.6 and 16.11.0 before 16.11.3 allows an malicious user to crash KAS via crafted gRPC requests.
NA
CVE-2024-37168
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to versions 1.10.9, 1.9.15, and 1.8.22, there are two separate code paths in which memory can be allocated per message in excess of the `grpc.max_receive_message_length` chann...
NA
CVE-2024-35223
Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. Dapr sends the app token of the invoker app instead of the app token of the invoked app. This causes of a leak of the application token of the invoker app to the invoked app whe...
7.5
CVSSv3
CVE-2024-23322
Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configur...
Envoyproxy Envoy
5.3
CVSSv3
CVE-2024-23323
Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28....
Envoyproxy Envoy
7.5
CVSSv3
CVE-2024-23324
Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue ...
Envoyproxy Envoy
7.5
CVSSv3
CVE-2024-23325
Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives...
Envoyproxy Envoy
7.5
CVSSv3
CVE-2024-23327
Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does ...
Envoyproxy Envoy
9.8
CVSSv3
CVE-2024-25089
Malwarebytes Binisoft Windows Firewall Control prior to 6.9.9.2 allows remote malicious users to execute arbitrary code via gRPC named pipes.
Malwarebytes Binisoft Windows Firewall Control
9.8
CVSSv3
CVE-2024-23653
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use th...
Mobyproject Buildkit
3 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »