7073 matches found
keycloak-core: mTLS passthrough
A vulnerability was found in Keycloak. Deployments of Keycloak with a reverse proxy not using pass-through termination of TLS, with mTLS enabled, are affected. This issue may allow an attacker on the local network to authenticate as any user or client that leverages mTLS as the authentication...
org.keycloak/keycloak-quarkus-server: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability
A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...
CVE-2024-52307 authentik allows a timing attack due to missing constant time comparison for metrics view
authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to brute-force the SECRETKEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prometheus metrics and is not intended to be...
CVE-2024-52307 authentik allows a timing attack due to missing constant time comparison for metrics view
authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to brute-force the SECRETKEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prometheus metrics and is not intended to be...
CVE-2024-52307
CVE-2024-52307 affects the open-source identity provider authentik. A non-constant time comparison on the per-tenant/endpoint path "/-/metrics/" enables brute-forcing the SECRET_KEY used to authenticate that endpoint. The metrics endpoint serves Prometheus data and is not intended for public acce...
CVE-2024-9666
A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service DoS attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without prope...
Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst
Posted by Ivan Fratric, Google Project Zero Recently, one of the projects I was involved in had to do with video decoding on Apple platforms, specifically AV1 decoding. On Apple devices that support AV1 video format starting from Apple A17 iOS / M3 macOS, decoding is done in hardware. However,...
Red Hat Keycloak 安全漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak, which arises from a reverse proxy that does not use TLS delivery termination and has mTLS...
DEBIAN-CVE-2024-53064
In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpfvccoreinit error path In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset i...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
libsoup: HTTP request smuggling via stripping null bytes from the ends of header names
A flaw was found in the Libsoup library. When Libsoup parses HTTP headers, it ignores null bytes at the end of header names. Thus, Transfer-Encoding: chunked is equivalent to Transfer-Encoding\x00: chunked. This issue allows request smuggling when Libsoup is used in a service behind a reverse pro...
CVE-2024-52010
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...