Security vulnerability in multiple ZITADEL products
ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. ZITADEL suffers from a security vulnerability that stems from a lack of authorization checks, where Actions is abl...
netty: possible request smuggling in HTTP/2 due missing validation
In Netty io.netty:netty-codec-http2 before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by Http2MultiplexHandler as it is propagated up. This is fine as long as the...
The vulnerability of the server software HAProxy arises from improper handling of HTTP headers during the conversion from HTTP/2 to HTTP/1. This allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of server software such as HAProxy stems from improper handling of HTTP headers during the conversion from HTTP/2 to HTTP/1. Exploiting this vulnerability can allow a remote attacker to access sensitive data, compromise its integrity, and cause service failures...
Xen Denial of Service Vulnerability (CNVD-2018-04654)
Xen is an open source virtual machine monitor developed by the Xen Project. A denial of service vulnerability exists in 4.10.x and earlier versions of Xen. A guest operating system user can exploit this vulnerability to cause a denial of service (hypervisor crash) or gain privileges by triggering a...