7 matches found
Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...
CVE-2026-32941
Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...
GHSA-XRHH-HX36-485Q Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands
Impact In some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands the GET access to all Kubernetes Secrets that exist in the given Kubernetes namespace. The exact scenario when this happens is when: Apache Kafka...
CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products
A missing authentication enforcement vulnerability exists in the mutual TLS mTLS implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...
WSO2多款产品 安全漏洞
WSO2 API Manager and others are products of WSO2 Corporation, USA.WSO2 API Manager is an API lifecycle management solution.WSO2 Identity Server IS is an identity server.WSO2 API Control Plane is a control panel. A security vulnerability exists in several WSO2 products that stems from a lack of...
GHSA-38JW-G2QX-4286 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Summary Short summary of the problem. Make the impact and severity as clear as possible. A flawed implementation of the Kubernetes aggregation layer's authentication flow could enable bypassing RBAC controls. Details Give all details on the vulnerability. Pointing to the incriminated source code ...
The vulnerability in the implementation of the mTLS protocol for the Envoy proxy server allows a attacker to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the mTLS protocol implementation in Envoy proxy servers is related to insufficient validation of input data during the processing of HTTP headers. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests HTTP Request Smuggling attack...