280 matches found
CVE-2026-0073
In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...
CVE-2026-0073
In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...
EUVD-2026-27041
In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...
Improper Certificate Validation
Caddy is vulnerable to Improper Certificate Validation. The vulnerability is due to swallowed errors in ClientAuthentication.provision, where failures loading trustedcacertfile or trustedcacertspemfiles are ignored, causing mTLS authentication to fail open and accept any client certificate signed...
ASB-A-469080888
In adbdtlsverifycert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote proximal/adjacent code execution as the shell user with no additional execution privileges needed. User interaction is not needed for...
Linux Distros Unpatched Vulnerability : CVE-2026-40542
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper...
Improper Authentication
Apache HttpClient is vulnerable to Improper Authentication. The vulnerability is due to a missing verification step in SCRAM-SHA-256 authentication, which allows an attacker to bypass proper mutual authentication checks and be accepted by the client...
SUSE CVE-2026-40542
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...
EUVD-2026-24630
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...
GHSA-V468-QCJX-R72W Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...
Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...
CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...
CVE-2026-40542
Apache HttpClient 5.6 is affected by a missing step in SCRAM-SHA-256 mutual authentication, allowing a client to accept authentication without proper mutual verification. The issue impacts the 5.6 release and is fixed by upgrading to version 5.6.1. Affected component: Apache HttpClient (Java), v5...
CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...
CVE-2026-40542
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...
Apache HttpClient 安全漏洞
Apache HttpClient is a Java-based client program developed by the Apache Foundation for accessing HTTP resources. It is used to interact with network resources via the HTTP protocol. Version 5.6 of Apache HttpClient contained a security vulnerability, which stemmed from the omission of a critical...
PT-2026-34264
Name of the Vulnerable Software and Affected Versions Apache HttpClient version 5.6 Description A missing critical step in authentication allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Recommendations Upgrade to...
CVE-2026-40944
Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...
CVE-2026-40944 Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles
Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...
CVE-2026-4837
An eval injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon response. Because the Agent uses mutual TLS mTLS to verify commands from the Rapid7 Platform, it is...